Report: Healthcare Data Breaches Continue at Alarming Pace in Second Half of 2016 | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Report: Healthcare Data Breaches Continue at Alarming Pace in Second Half of 2016

October 17, 2016
by Heather Landi
| Reprints

Healthcare data breaches are continuing at an alarming pace, with the second half of 2016 shaping up to have more breach incidents per month, so far, than in the first half of the year.

According to the Protenus Breach Barometer report, while the first six months of 2016 averaged 25.3 breaches per month, the second half thus far has had an average of 39.3 incidents per month, an over-55 percent increase. “While the number of months in this total is small, this trend over the last quarter provides some cause for alarm,” the report authors stated.  There were 152 incidents involving protected health information (PHI) or medical health information in the first half of 2016, and so far, in the second half, there have been 118 incidents.

The Protenus Breach Barometer is a monthly snapshot of reported or disclosed breaches impacting the healthcare industry, with data compiled and provided by DataBreaches.net.

In September, there were 246,876 patients records breached with 37 separate breach incidents, either reported to the U.S. Department of Health and Human Services or first disclosed in media or other sources. The total includes breaches of some Olympic athletes’ records after the World Anti-Doping Agency’s breach by a Russian hacking group.

While the total number of patient records breached in September seems small in comparison to the 20 million records breached during this past summer, there have been more incidents involving PHI or medical health information in the third quarter of 2016 compared to the first and second quarters. In the first quarter of 2016, there were 63 incidents and there were 89 incidents in the second quarter. In the third quarter, which was July through September, there were 118 incidents.

According to the breach report, 41 percent (15 incidents) of breaches in September were insider incidents, seven of which were accidental while the majority (8 incidents) were insider wrongdoing. For the 13 insider incidents for which Protenus has numbers, 50,695 records were involved.

Further, 32 percent (12 incidents) of breaches involved hacking, including ransomware and other malware. Five of these specifically mentioned ransomware.

For the 10 hacking incidents for which Protenus has numbers, 154,814 records were involved. “While insider threats represented a greater proportion of incidents than hacking, it's important to note that hacking accounted for substantially more of the breached records than insider events,” the breach report authors wrote.

Of concern to healthcare providers, almost 92 percent of the healthcare data breaches that occurred in September involved healthcare providers, while only two incidents were reported by health plans and one incident reported by a business associate.

And, interestingly, paper records were involved in 19 percent of incidents, with several incidents resulting from insider wrongdoing and/or theft.

Of the incidents reported in September, according to Protenus, it took an average of 151 days from the time the breach occurred to when HHS was notified, which is considerably less than the 558 average number days it took from breach to reporting for August breaches. “These alarming time lapses from breach to discovery stress the importance for organizations to be proactive in monitoring their patient data for outliers in accesses to their patient’s sensitive medical data,” the report authors wrote.

 

Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

CMS Exploring Potential Behavioral Health Payment and Care Delivery Model

The Center for Medicare & Medicaid Services (CMS) plans to hold a one-day summit in September to solicit feedback and ideas for a potential behavioral health model to improve access, quality and cost of care for beneficiaries with behavioral health conditions.

MEDITECH to Soon Offer CommonWell Health Alliance Services to Customers

MEDITECH, a Westwood, Mass.-based electronic health record (EHR) vendor, has announced that it is set to offer CommonWell interoperability services early next year.

HITRUST CSF Certification Now Includes NIST Cybersecurity Certification

HITRUST has announced that HITRUST cybersecurity framework (CSF) version 9 enhancements now extend an “assess once, report many” approach as a standard security framework for multiple critical infrastructure industries and includes National Institute of Standards and Technology (NIST) Cybersecurity certification.

Premier: Analytics Helping Hospitals Optimize Blood Use

An analysis of 645 hospitals revealed that comparative data analytics to drive performance improvement has the potential to optimize blood use across numerous diagnoses.

Almost 80 Percent of Clinicians Still Use Hospital-Issued Pagers

A study examining the communication technologies used by hospital-based clinicians found that close to 80 percent (79.8 percent) of clinicians continue to use hospital-provided pagers and 49 percent of those clinicians report they receive patient care-related messages most commonly by pager.

Survey: IT Expenses per Physician Continue to Rise to Nearly $19,000

Information technology (IT) expenses for physician practices are on a slow and steady rise for most practices, and last year, physician-owned practices spent between nearly $2,000 to $4,000 more per FTE physician on IT operating expenses than they did the prior year, according to a recent Medical Group Management Association (MGMA) survey.