February 28, 2018

A Single Hacking Incident Responsible for 59% of Total Breached Patient Records in January

The health data breach landscape remained tumultuous in January, with almost an equal number of hacking and insider-related incidents. Of note, hacking incidents affected significantly more patient records, due largely to one particular breach that affected 59% of the total number of breached patient records this past month. Additionally, in a recent ruling, the HHS Office for Civil Rights (OCR) levied a $3.5 million fine to a healthcare provider after five separate breach incidents at various locations. OCR found that the organization had failed to conduct a risk analysis of possible threats and vulnerabilities to patient data as well as failed to implement policy and procedures to address security incidents and govern how electronic PHI should be moved in and out of the facilities. OCR and the healthcare organization have agreed to a corrective plan to overhaul the organization’s security measures and risk management plan. This ruling highlights, once again, the necessity for healthcare organizations to educate their employees on proper protocols for handling patient data and to gain full visibility into every access into their EHR in order to mitigate and even prevent these incidents from occurring.

Continue Reading
January 23, 2018

5.6M Patient Records Breached in 2017, as Healthcare Struggles to Comprehensively and Proactively Detect Health Data Breaches

The Breach Barometer Annual Report analyzes how data breaches have affected healthcare throughout 2017.
Continue Reading
September 20, 2017

Hacking Incidents are Quickly Discovered While Insiders Go Unnoticed

In July and August, it appeared that there were some signs of progress in terms of how long it took to discover a health data breach.  While we’d like to report a new emerging trend, unfortunately the data provided a false sense of improvement.  In the same time frame, healthcare has also experienced an uptick in the number of hacking incidents, which are often quickly discovered due to the effect they have on an organization’s daily operations.  As a result, some of this improvement may simply be attributable to more hacking, rather than faster discovery, though we’ll be tracking this carefully.  Indeed, while hacking is quickly detected, insiders continue to go unnoticed, creating a costly aftermath for both healthcare organizations and patients alike.

Continue Reading
August 16, 2017

Hacking Dominates Breaches, But One Insider Breach Took 14 years to Discover

July is the first month in 2017 to have hacking incidents outweigh insider breaches to patient data in both frequency and number of affected patient records.  While hacking accounted for almost half of total breach incidents this month, the severity and potential damage of insider threats to patient data should not be overlooked, with one incident going undetected for 14 years.

Continue Reading
August 5, 2017

2017 on Track to Exceed 2016 Trend of 'One Health Data Breach per Day'

The Breach Barometer Mid Year Review analyzes how data breaches are affecting the healthcare industry so far in 2017.
Continue Reading

Receive the latest article to your inbox