Nearly 130K Records Breached in July with TheDarkOverLord as Main Culprit | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Nearly 130K Records Breached in July with TheDarkOverLord as Main Culprit

August 11, 2016
by Rajiv Leventhal
| Reprints
Twenty-eight percent of breaches in the month involved hacking or ransomware; some go unreported for years
Click To View Gallery

A total of 39 incidents and 126,930 records breached in the U.S. involving protected health information or medical/health information were either disclosed or reported in July, according to The Protenus Breach Barometer.

The Protenus automated patient privacy monitoring platform analyzes user behavior to detect and resolve Health Insurance Portability and Accountability Act of 1996 (HIPAA) violations. It’s a monthly snapshot of reported or disclosed breaches impacting the healthcare industry, with data compiled and provided by DataBreaches.net.

After an unheard of 11 million patient records were breached in June, July's number of total records breached is back down to April’s levels (though nearly half of U.S. states had at least one healthcare data breach incident this month). The growing impact, costs and rate of breaches illustrates how vulnerable the healthcare industry remains. In July, Oregon Health and Science University and The University of Mississippi Medical Center paid fines of $2.7 million and $2.75 million, respectively, to the HHS Office of Civil Rights (OCR) for HIPAA breaches and alleged violations.

What’s more, the largest single breach of 23,565 was, once again, the work of the hackers known as “TheDarkOverLord.”  Forty-six percent (18 incidents) of breaches in July were insider incidents, including both accidental and intentional wrongdoings. Twenty-eight percent (11 incidents) of breaches involved hacking or ransomware, including the two databases put up for sale by the TheDarkOverLord on the dark web. 

Interestingly, paper records were involved in nearly 25 percent of incidents, with some records just carelessly left behind or lost. Business associates or vendors continue to be a source of concern and accounted for 24 percent (9 incidents), according to the findings. Eighty-seven percent of breaches were healthcare providers (34 incidents), followed by 8 percent breaches of health plans (3 incidents), 2.5 percent involving a business associate or vendor (1 incident), and 2.5 percent from a U.S Army prison hospital (1 incident).

Furthermore, the average time lapse between when a breach occurred and when the breach was reported is just over two years (25.5 months) for the 16 breaches in July where the exact time interval is known. This interval data confirms that breaches often go on for months or years before they are publically reported. The longest time elapsed from breach to report was over six years. Six organizations reported within three months.  

Not even halfway through the month, August has already seen a few major data breaches in the industry. Last week, Phoenix-based Banner Health, one of the largest healthcare systems in the U.S., announced that it is notifying approximately 3.7 million individuals about a breach in which cyber attackers gained unauthorized access to computer systems that process payment card data at food and beverage outlets at certain Banner locations. And on August 5, Albany, New York-based Newkirk Products, a BlueCross BlueShield business associate that issues healthcare ID cards for health insurance plans, reported a cyber security incident involving unauthorized access to a server containing approximately 3.3 million plan members’ personal information.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Healthcare Execs Anticipate High Cost Returns from Predictive Analytics Use

Healthcare executives are dedicating budget to predictive analytics, and are forecasting significant cost savings in return, according to new research from the Illinois-based Society of Actuaries.

Adam Boehler Tapped by Azar to Serve as Senior Value-Based Care Advisor

Adam Boehler, currently director of CMMI, has also been named the senior advisor for value-based transformation and innovation, HHS Secretary Alex Azar announced.

Vivli Launches Clinical Research Data-Sharing Platform

On July 19 a new global data-sharing and analytics platform called Vivli was unveiled. The nonprofit group’s mission is to promote, coordinate and facilitate scientific sharing and reuse of clinical research data.

Survey: More Effective IT Needed to Improve Patient Safety

In a Health Catalyst survey, physicians, nurses and healthcare executives said ineffective information technology, and the lack of real-time warnings for possible harm events, are key obstacles to achieving their organizations' patient safety goals.

Physicians Still Reluctant to Embrace Virtual Tech, Survey Finds

While consumers and physicians agree that virtual healthcare holds great promise for transforming care delivery, physicians still remain reluctant to embrace the technologies, according to a new Deloitte Center for Health Solutions survey.

Geisinger, AstraZeneca Partner on Asthma App Suite

Geisinger has partnered with pharmaceutical company AstraZeneca to create a suite of products that integrate into the electronic health record and engage asthma patients and their providers in co-managing the disease.