After a noticeable decline in the number of hacking incidents, insider-related breach incidents have doubled relative to the previous month. February’s health data breaches reinforce the importance of understanding inappropriate workforce activity, especially when the majority of incidents come from within a healthcare organization.  For instance, a Nebraska hospital recently discovered a breach that had been going for more than five years and was the result of ongoing insider-wrongdoing.  It’s important for healthcare organizations to use advanced analytics to immediately detect breaches of this magnitude in real-time, greatly reducing the impact for patients and organizations alike.

2017 has kicked off with a huge proportion of insider threats, as January data from disclosed breaches reveals that 59.2% of breached patient records were the result of insiders.  This month’s health data breaches reinforce the importance of health data security, as the need to protect patient data from insiders continues to loom large.  Healthcare organizations, more than ever, need to be proactive in discovering and reporting when a breach has occurred. This is especially the case given that HHS OCR has issued its first fine for failing to report a breach within their 60-day window.

This month’s data regarding breaches of protected health information reinforces the need for health data security to be a top priority.  With an average of almost 2 breaches per day, November has seen a record number of breach incidents, the highest of any month in 2016.  What’s even more concerning is that employees (insiders) are responsible for more than half of this month’s breaches to patient data, a notable increase from past months.

Each month in 2016 has seen substantial PHI breaches, causing an influx of records for sale on the dark web, which is now causing a sudden price collapse. Hacking and ransomware continue to loom large with several instances of patient data irretrievably lost.

September’s largest single incident involved a ransomware that affected 58,000 records. While the overall number of breached records is down, the second half of 2016 is shaping up to be significantly worse than the first half when it comes to patient data security. September’s breach totals include several olympic athletes after the World Anti-Doping Agency (WADA) suffered from a hacking incident apparently at the hands of Russian cyber-espionage group, Tsar Team (APT28), also known as Fancy Bear. While this month’s patient records breached total (246,876) pales in comparison to this past summer’s total (20 million), it’s important to re-emphasize the ever-evolving threats to patient data and the misfortune that can occur when this information lands in the wrong hands.