Hacks account for 95% of breached health records in August

Register now

In its August assessment of the U.S. healthcare system data security environment, the Protenus Breach Barometer report explains how a new trend of healthcare organizations reporting data breaches quicker than previously is not necessarily a good thing.

The reason for quicker reporting is relatively simple. Providers are discovering breaches sooner because a hacking attack, primarily ransomware, makes it clear that you have a breach. But it is a breach you know and can mitigate.

The real problem remains the very long time periods where providers don’t know they have an insider data breach with an employee collecting and selling data, or otherwise misusing it.

Tewksbury Hospital in Massachusetts, for instance, suffered a data breach and did not discover it until the spring of 2017 when a former patient expressed concern that their medical record may have been inappropriately accessed. It turned out that an employee, since terminated, over 14 years was occasionally snooping in patients’ electronic medical records without clinical justification.

Also See: Tewksbury Hospital fires employee after long-term snooping

In August 2017, hacking accounted for 54.5 percent of reported breach incidents, according to Protenus. The 18 known hacks accounted for 95 percent of breached patient records and 17 of the hacks affected 637,575 patient records, with numbers not yet available for the 18th hack.

During August Insiders were responsible for 27 percent of breaches. Three breaches resulted from physical theft of records, at least five incidents were caused by third-parties or business associates, six incidents compromised paper or film patient records, and six health plans had a breach.

Protenus further warns of resurgence of attacks during August on unsecured MongoDB installations and Rsync backup devices under which the installations and devices are being wiped out or ransomed.

“While it is unclear how many of breached installations or servers contained health or patient data, this should remind healthcare organizations to check configuration settings and test the security of all backup servers and devices,” according to Protenus, which receives the data it analyzes from the databreaches.net web site.

For reprint and licensing requests for this article, click here.