One A Day: Healthcare Breaches Are A Daily Event

The Breach Barometer, published monthly through the joint effort of Protenus and Databreaches.net, provides useful insight into current types of data breaches.

The findings are based on information obtained through searching records and releases, not just looking at reports filed with the HHS Office for Civil Rights. By expanding beyond just OCR, the findings provide more insight than would otherwise be readily available.

Continuing the trend from last year, January 2018 saw an average of more than a breach per day, with a total of 37 health data breaches. As usual, hacking incidents and insider issues were the leading causes of the breaches.

Just considering the source of the breach does not tell the whole story, though. As noted in the Breach Barometer, while January saw 12 insider incidents, those incidents only involved 6,805 records, at least according to available figures.
While the number of records that insiders accessed may not have been all that great, the fact that insiders are still inappropriately accessing information is troubling. 

One breach took more than a year to detect, and that individual reviewed a significant amount of personal information. That incident saw 1,309 records accessed over the course of 15 months. While that amounts to roughly 87 records per month, auditing may have been able to detect such activity. More tools are available in the marketplace to automate at least a portion of the review.

In light of the increasing availability of tools, why are more healthcare organizations not taking advantage of them? Can an argument be made that not using such a tool constitutes insufficient security practices? 

While that argument may not apply today, the story could be different in the very near future. Regardless of the technology that may be available now, organizations should not be ignoring insider risks. 

The second leading cause of January data breaches was hacking, which accounted for 11 of the incidents and impacted 393,766 records. That total was more than 80 percent of the records inappropriately accessed in January. The causes of the hacks included phishing, ransomware and malware. 

Those causes do not present any surprises. Instead, they emphasize the fact that healthcare remains under attack and no relief is in sight. The high number of records is also consistent with previous reports, since a hacking incident can easily spread across an entire system or eat up large chunks of data.

As with many previous versions of the Breach Barometer, the January report shows a lot of work remains to be done. No organisation can feel secure, and ongoing efforts are essential.

While it is unrealistic to expect that a month will ever be breach-free, more can be done to reduce the frequency to less than a breach per day. Increasing security and being aware of requirements are key, and failure to do so could lead to the next HIPAA settlement headline.

Information Management

You Might Also Read: 

Massive Breach: 3m Healthcare Records Compromised:

Healthcare Suffers Most Cyber Security Incidents:
 

 

« Learning About Russian Hackers
Cognitive Computing And AI Compared »

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Tenable Network Security

Tenable Network Security

Tenable Network Security - Need to Evolve to a Risk-Based Vulnerability Management Strategy but Don’t Know How? This Guide Will Show You.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 5,000+ specialist service providers.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Imprivata

Imprivata

Imprivata's authentication, access management and secure communications solutions for healthcare improve provider productivity for better focus on patient care.

Asavie

Asavie

Asavie provide solutions for Enterprise Mobility Management and secure IoT Connectivity.

CERT.AZ

CERT.AZ

The national Cyber Security Center of the Republic of Azerbaijan.

ZeroFOX

ZeroFOX

ZeroFOX safeguards modern organizations from dynamic security risks across social, mobile, surface, deep and dark web, email and collaboration platforms.

Secure Mentem

Secure Mentem

Secure Mentem provides security awareness programs tailored to an organization’s needs that provide automated delivery of awareness materials that constantly reinforce messaging to change behaviors.

Fiserv

Fiserv

Fiserv offers a wide array of Risk & Compliance solutions to help you prevent losses from fraud and ensure adherence to regulatory and compliance mandates.

Cyentia Institute

Cyentia Institute

The Cyentia Institute is a research & data science firm with a mission to advance knowledge in the cybersecurity industry.

Deepwatch

Deepwatch

deepwatch’s cloud SecOps platform and relentless customer focus are redefining the managed security services industry.