September 20, 2017

Hacking Incidents are Quickly Discovered While Insiders Go Unnoticed

In July and August, it appeared that there were some signs of progress in terms of how long it took to discover a health data breach.  While we’d like to report a new emerging trend, unfortunately the data provided a false sense of improvement.  In the same time frame, healthcare has also experienced an uptick in the number of hacking incidents, which are often quickly discovered due to the effect they have on an organization’s daily operations.  As a result, some of this improvement may simply be attributable to more hacking, rather than faster discovery, though we’ll be tracking this carefully.  Indeed, while hacking is quickly detected, insiders continue to go unnoticed, creating a costly aftermath for both healthcare organizations and patients alike.

Continue Reading
August 16, 2017

Hacking Dominates Breaches, But One Insider Breach Took 14 years to Discover

July is the first month in 2017 to have hacking incidents outweigh insider breaches to patient data in both frequency and number of affected patient records.  While hacking accounted for almost half of total breach incidents this month, the severity and potential damage of insider threats to patient data should not be overlooked, with one incident going undetected for 14 years.

Continue Reading
August 5, 2017

2017 on Track to Exceed 2016 Trend of 'One Health Data Breach per Day'

The Breach Barometer Mid Year Review analyzes how data breaches are affecting the healthcare industry so far in 2017.
Continue Reading
June 19, 2017

Several May Health Data Breaches Took 3+ Years to Discover

In May, health data breaches continued to be disclosed at a rate of one or more per day, a trend first noted in the 2016 Annual Breach Barometer Report.  If the Breach Barometer has taught us anything, it’s not a matter of “if” a healthcare organization will experience a data breach, but simply a matter of “when”. A lot of damage can be done when a breach goes for several years without detection, providing additional time for the information to be disseminated or time for malicious insiders to continue their activities. It is imperative that healthcare organizations educate themselves on what they can do to reduce their risk and detect breaches as soon as they occur.  

Continue Reading
May 22, 2017

Reporting Improvement: 66% of Discovered Health Data Breaches Sent to HHS within 60-day Window

April is the second month in which there seems to be noticeable improvement in the time it takes for healthcare organizations to report their breaches to HHS.  Last month (March) HHS stepped up their enforcement by beginning to fine healthcare organizations not reporting health data breaches within the required 60-day window.  It begs one to ask if healthcare organizations are becoming more diligent in responding and reporting breaches to patient data as a result of this regulatory scrutiny.  Transparency about the data breaches that are plaguing the healthcare industry will help organizations and regulators to better understand the breadth of the problem as well as to determine how to best mitigate and defend institutions from becoming further victimized.

Continue Reading

Receive the latest article to your inbox