One A Day: Healthcare Breaches Are A Daily Event

The Breach Barometer, published monthly through the joint effort of Protenus and Databreaches.net, provides useful insight into current types of data breaches.

The findings are based on information obtained through searching records and releases, not just looking at reports filed with the HHS Office for Civil Rights. By expanding beyond just OCR, the findings provide more insight than would otherwise be readily available.

Continuing the trend from last year, January 2018 saw an average of more than a breach per day, with a total of 37 health data breaches. As usual, hacking incidents and insider issues were the leading causes of the breaches.

Just considering the source of the breach does not tell the whole story, though. As noted in the Breach Barometer, while January saw 12 insider incidents, those incidents only involved 6,805 records, at least according to available figures.
While the number of records that insiders accessed may not have been all that great, the fact that insiders are still inappropriately accessing information is troubling. 

One breach took more than a year to detect, and that individual reviewed a significant amount of personal information. That incident saw 1,309 records accessed over the course of 15 months. While that amounts to roughly 87 records per month, auditing may have been able to detect such activity. More tools are available in the marketplace to automate at least a portion of the review.

In light of the increasing availability of tools, why are more healthcare organizations not taking advantage of them? Can an argument be made that not using such a tool constitutes insufficient security practices? 

While that argument may not apply today, the story could be different in the very near future. Regardless of the technology that may be available now, organizations should not be ignoring insider risks. 

The second leading cause of January data breaches was hacking, which accounted for 11 of the incidents and impacted 393,766 records. That total was more than 80 percent of the records inappropriately accessed in January. The causes of the hacks included phishing, ransomware and malware. 

Those causes do not present any surprises. Instead, they emphasize the fact that healthcare remains under attack and no relief is in sight. The high number of records is also consistent with previous reports, since a hacking incident can easily spread across an entire system or eat up large chunks of data.

As with many previous versions of the Breach Barometer, the January report shows a lot of work remains to be done. No organisation can feel secure, and ongoing efforts are essential.

While it is unrealistic to expect that a month will ever be breach-free, more can be done to reduce the frequency to less than a breach per day. Increasing security and being aware of requirements are key, and failure to do so could lead to the next HIPAA settlement headline.

Information Management

You Might Also Read: 

Massive Breach: 3m Healthcare Records Compromised:

Healthcare Suffers Most Cyber Security Incidents:
 

 

« Learning About Russian Hackers
Cognitive Computing And AI Compared »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

DoSarrest Internet Security Ltd

DoSarrest Internet Security Ltd

DOSarrest is a fully managed security firm specializing in cloud based DDoS protection services to a worldwide client base.

Momentum

Momentum

The Cyber Security team at Momentum offers a professional and specialist recruitment service across Cyber & IT Security.

Security Network Munich

Security Network Munich

Security Network Munich brings together leading players in the field of information and cyber security through joint research and innovation projects.

WizNucleus

WizNucleus

WizNucleus develops, markets and supports a software platform (Cyberwiz-Pro) that enables Critical Infrastructure enterprises to ensure the future state of their cybersecurity and remain compliant.

ISARA Corp

ISARA Corp

ISARA Corporation is a security solutions company specializing in creating class-defining quantum-safe cryptography for today's computing ecosystems.

Braintrace

Braintrace

Braintrace’s services include Managed Detection and Response (MDR), Managed SIEM, SIEM-as-a-Service, SOC-as-a-Service, Advisory Services, and Incident Response.

Barikat Cyber Security

Barikat Cyber Security

Barikat is a provider of information security solution and services including security analysis and compliance, security testing, managed security services, incident response and training.

Blink Ops

Blink Ops

Blink helps security teams streamline everyday workflows and protect your organization better.

Binarii Labs

Binarii Labs

Binarii are focused on helping enterprises to design and deploy SaaS solutions that utilise DLT (Digital Ledger Technology) effectively, efficiently and sensibly.

Frontal

Frontal

Frontal is a specialized unit in Blockchain and Web3.0 cybersecurity. Securing Digital Assets, Cryptocurrency, DeFi, Blockchain and Web3.0 ecosystem.

Disecto Technologies

Disecto Technologies

At Disecto, we provide SaaS based Data Discovery, Classification and a remediation solution for data privacy compliance.

Vorlon

Vorlon

Vorlon's agentless patent-pending solution facilitates risk profiling of apps, and provides AI-driven behavioral analytics with response recommendations.

Xantaro

Xantaro

Xantaro specializes in technologies, software and services for Carriers, ISPs, Hosting and Cloud Providers as well as for Operators of Data Centres and Campus Networks.

Applaudo

Applaudo

Applaudo specializes in helping the world’s most admired brands optimize their IT solutions, reduce delivery costs, and accelerate their digital transformation.

Softcell Technologies Global

Softcell Technologies Global

Softcell is one of India's leading System Integrators. We serve enterprise customers in the areas of IT Security, Mobility, Optimised IT Infrastructure, Cloud and Engineering Services.

Invary

Invary

Invary's expert Runtime Integrity solution, powered by NSA-licensed technology, verifies the security and confidentiality of your system.