Did you know that almost 32 million patient records were breached in the first half of 2019? That’s more than double the records breached over the entire 2018 calendar year, according to the latest breach barometer report from IT security firm Protenus. Hacking was the cause of 60% of the total number of breaches throughout the first half of the year.
“Geographically, California had the most data breaches per state in the first half of 2019 (26 incidents), followed closely by Texas (22) and Florida (20). California usually has a higher number of reported breaches, perhaps due to stronger oversight, higher patient volume or more robust reporting methods.”
(source: https://www.healthcaredive.com/news/data-breaches-in-2019-already-double-all-of-last-year/560059/)
Data breaches are generally less harmful to organizations than attacks that disrupt or stop the functioning of daily business. However, big and highly publicized breaches can have highly damaging effects on the organization.
Healthcare organizations have the highest costs associated with data breaches: $6.45 million on average. This includes “breach detection, notifying affected individuals, post-breach response and lost business due to downtime, reputational damage and impact to consumer trust”, according to IBM Security’s 2019 data breach cost report.
The single largest data breach in the first half of the year resulted from a hack of American Medical Collection Agency, a major collections agency working for companies such as Quest Diagnostics and LabCorp. It affected more than 20 million patient records. In some cases, hackers were able to gain access to sensitive medical information. Patient data was even found for sale on the dark web.
The majority of overall breaches (72%) take place in the provider setting, according to Protenus. Hacking, including malware, ransomware and phishing, represents a serious threat to healthcare organizations. Nearly half of the breach incidents so far in 2019 involved hackers.
But staff members within the organizations are also a high risk to security and privacy. Insider error by healthcare employees can even go undetected for years because of the legitimate access the hospital workforce must have to deliver patient care quickly and effectively.
These longer detection times make it even more important for healthcare organizations to apply effective methods for detecting inappropriate accesses to patient data.
The solution is to make routine training and 100% activity auditing a priority. Healthcare staff needs to be continuously educated to be aware of threats to privacy and how to prevent them.
The numbers for 2019 so far stress the need for healthcare organizations to dedicate more resources to cloud-based security solutions, apply efficient data security strategies including encryption, and prioritize compliance with HIPAA data security regulations.
Meeting HIPAA compliance and minimizing privacy and security risk can be overwhelming and costly. PCG’s P&S Toolkit provides access to a Virtual Privacy and/or Security Officer along with a library of policies and procedures, standardized training tools, documents, forms, and templates. In addition, the library includes a Privacy and Security Risk Assessment that will guide you in meeting your privacy and security needs at an affordable cost.
Good preparation can save money.