The latest Protenus Breach Barometer report — which includes data compiled by DataBreaches.net — found that insider error incidents continue to be a problem in the world of healthcare cybersecurity.
In the month of October, there were 37 total breach incidents reported to HHS or disclosed to the media, meaning the “at least one breach per day” trend appears to be a constant in 2017.
The report includes statistics for 29 of those incidents, which impacted 246,246 patient records. This number is down from 499,144 records impacted in September, and significantly lower than the 1.5 million records breached in March.
There were various culprits behind the incidents in October.
Hacking accounted for 13 of the 37 incidents. Of the 10 that Protenus has numbers for, 56,837 patient records were affected.
Insiders were responsible for fewer incidents (only 11). But insider error events alone made up about 65 percent of all 246,246 breached patient records.
One notable insider error incident impacted 6,231 patient records. Amida Care, a nonprofit community health plan based in New York City, sent flyers to patients about the chance to participate in an HIV research project. As it turns out, the words “Your HIV detecta” may have been visible through some envelopes.
“Organizations need to ensure that they are putting proper measures in place and providing appropriate employee training in order to minimize the potential for these types of incidents to occur,” the Breach Barometer reads in regard to insider error incidents.
Despite being in the age of technology, there were four incidents of physical theft in October. These impacted 16,533 records. There were also two incidents in which patient records were lost or went missing, affecting 3,994 total records.
Twenty-nine of the 37 October breaches involved a healthcare provider, while seven included a health plan and one involved a school.
Across the October incidents, it took healthcare organizations an average of 448 days to sniff out a data breach. In one case, it took more than three years to uncover a breach. An employee defrauded Illinois of nearly $1 million by incorrectly claiming she was providing speech therapy services even after she left the company.
Though more than three years may seem like a long time, it’s nothing compared to Tewksbury Hospital, which took 14 years to discover a data breach.
Additionally, it took an average of 175 days from when a breach was discovered to when it was reported to HHS or the media. The median amount of time to report was 59 days, which falls within HHS’ 60-day reporting window.
Frank’s source: https://medcitynews.com/2017/11/insider-error-incidents/