One A Day: Healthcare Breaches Are A Daily Event

The Breach Barometer, published monthly through the joint effort of Protenus and Databreaches.net, provides useful insight into current types of data breaches.

The findings are based on information obtained through searching records and releases, not just looking at reports filed with the HHS Office for Civil Rights. By expanding beyond just OCR, the findings provide more insight than would otherwise be readily available.

Continuing the trend from last year, January 2018 saw an average of more than a breach per day, with a total of 37 health data breaches. As usual, hacking incidents and insider issues were the leading causes of the breaches.

Just considering the source of the breach does not tell the whole story, though. As noted in the Breach Barometer, while January saw 12 insider incidents, those incidents only involved 6,805 records, at least according to available figures.
While the number of records that insiders accessed may not have been all that great, the fact that insiders are still inappropriately accessing information is troubling. 

One breach took more than a year to detect, and that individual reviewed a significant amount of personal information. That incident saw 1,309 records accessed over the course of 15 months. While that amounts to roughly 87 records per month, auditing may have been able to detect such activity. More tools are available in the marketplace to automate at least a portion of the review.

In light of the increasing availability of tools, why are more healthcare organizations not taking advantage of them? Can an argument be made that not using such a tool constitutes insufficient security practices? 

While that argument may not apply today, the story could be different in the very near future. Regardless of the technology that may be available now, organizations should not be ignoring insider risks. 

The second leading cause of January data breaches was hacking, which accounted for 11 of the incidents and impacted 393,766 records. That total was more than 80 percent of the records inappropriately accessed in January. The causes of the hacks included phishing, ransomware and malware. 

Those causes do not present any surprises. Instead, they emphasize the fact that healthcare remains under attack and no relief is in sight. The high number of records is also consistent with previous reports, since a hacking incident can easily spread across an entire system or eat up large chunks of data.

As with many previous versions of the Breach Barometer, the January report shows a lot of work remains to be done. No organisation can feel secure, and ongoing efforts are essential.

While it is unrealistic to expect that a month will ever be breach-free, more can be done to reduce the frequency to less than a breach per day. Increasing security and being aware of requirements are key, and failure to do so could lead to the next HIPAA settlement headline.

Information Management

You Might Also Read: 

Massive Breach: 3m Healthcare Records Compromised:

Healthcare Suffers Most Cyber Security Incidents:
 

 

« Learning About Russian Hackers
Cognitive Computing And AI Compared »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Cyber Technology Institute - De Montfort University

Cyber Technology Institute - De Montfort University

The Cyber Technology Institute provides training and high quality research and consultancy services in the fields of cyber security, software engineering and digital forensics.

Tubitak

Tubitak

Tubitak is the scientific and technological research council of Turkey. Areas of research include information technology and security.

Exida

Exida

Exida is a leading product certification and knowledge company specializing in industrial automation system safety, security, and availability.

Enosys Solutions

Enosys Solutions

Enosys Solutions is an IT security specialist with a skilled professional services team and 24x7 security operations centre servicing corporate and public sector organisations across Australia.

Immersive

Immersive

Immersive unifies Cyber Drills, Exercises, Sims, Ranges, and Training into one single, adaptive platform. One Platform. Total Cyber Resilience.

Cyber Security Challenge UK

Cyber Security Challenge UK

Cyber Security Challenge UK is a series of national competitions, learning programmes, and networking initiatives designed to identify, inspire and enable more people to become cybersec professionals.

Ericom Software

Ericom Software

Ericom is a global leader in securing and connecting the digital workspace, offering solutions that secure browsing, and optimize desktop and application delivery to any device, anywhere.

ABS Group

ABS Group

ABS Group provides risk and reliability solutions and technical services that help clients confirm the safety, integrity and security of critical assets and operations.

Cyemptive Technologies

Cyemptive Technologies

Cyemptive's CyberSlice technology preempts and remove threats before they take hold, in seconds, compared to other’s hours, days, weeks and even months.

Sabat Group

Sabat Group

Sabat Group provide relationship-driven information security & cyber security recruiting services.

Camel Secure - ZeroRisk

Camel Secure - ZeroRisk

Camel Secure is a company specialized in the development of products for information security and technology risk management.

Keysight Technologies

Keysight Technologies

Keysight is dedicated to providing tomorrow’s test technologies today, enabling our customers to connect and secure the world with their innovations.

XioGuard

XioGuard

XioGuard is a managed security service for 360-degree cybersecurity coverage, protecting the entire attack surface, increasing performance, reducing cost, and simplifying operations.

Suresecure

Suresecure

Suresecure are a specialised consulting company providing Strategic IT security consulting, Managed Security Services, and Incident Response Management.

Mandiant

Mandiant

Mandiant deliver dynamic cyber defense solutions powered by industry-leading expertise, intelligence and innovative technology.

Flotek

Flotek

Flotek is an IT & Comms service provider delivering SMEs with trusted, innovative and cost effective cloud technology, with confidence, clarity and clout.