Security woes increasingly sting the healthcare industry
The healthcare industry continues to be plagued by hackers, with at least one breach on average being discovered each day.
Overall numbers of breaches remain significant, according to the annual Breach Barometer report from Protenus and DataBreaches.net.
“Our analysis is based on 503 health data breaches reported to HHS, the media or some other source during 2018,” say Kira Caban, director of strategic communications, and Robert Lord, co-founder and president, both from Protenus and authors of the study. “We have details for 417 of those incidents, which affected 15,085,302 patient records.” By contrast, about 5.5 million records were breached the previous year.
In 2018, the total number of patient records affected by a breach almost tripled the number of records breached in 2017. The largest single breach in 2018 affected 2.65 million patient records as hackers had access to data for a week after a North Carolina provider’s business associate was compromised.
Of the 12 largest breaches in 2018, eight were caused by outsiders hacking providers and business associates.
Also during the year, one provider learned that an employee had been snooping on patient records for 15 years. Insiders last year were responsible for 28 percent of total breaches, according to the research of Protenus and DataBreaches.net. These insider breaches affected nearly 2.8 million patient records, accounting for 19 percent of all affected records.
While the overall number of insider breaches decreased in 2018, compared with 2017, there was a big increase in the number of compromised patient records. On average, about four healthcare employees breach patient privacy out of every 1,000 employees. Non-malicious inside error accounted for more than 2 million records breached, while insider wrong-doing neared 400,000 records breached.
“Due to the daily volume of access to health data, privacy and security teams charged with reviewing and investigating breaches are only able to investigate a small fraction of potential violations,” Protenus and Data Breaches.net contend.
They advocate the use of analytics platforms to scan hundreds of millions of patient records each quarter to detect anomalous activity and enable better efforts to monitor electronic access of electronic health records by active users.
The complete report is available here.