Healthcare still struggling to detect insider threats, even years after breaches

Nearly 500,000 patient records were reported breached in September, according to the latest Protenus Breach Barometer.
By Jessica Davis
12:50 PM
Share
healthcare security breaches

September was riddled with another long list of organizations dealing with breaches caused by insiders, and some organizations failed to discover some of these for years, Protenus’ September Breach Barometer found.

Insider-wrongdoing impacted nearly three times as many patient records as insider error in Sept. Fifteen incidents were caused by insiders, impacting at least 73,926 records. Protenus found 46,887 records were breached by wrongdoing.

What’s notable about the insider breaches is the amount of time it took an organization to discover an incident. One of insider breach took the organization nearly six years to discover.

“The longevity of this type of breach reinforces the need to have technology in place that can proactively detect a health data breach,” the report authors wrote. “It’s paramount for healthcare organizations to become more proactive and efficient at detecting these insider breaches.”

“Healthcare organizations must learn from one another and utilize necessary resources to better combat this problem that is continuously plaguing the industry,” the authors continued.

Overall, breach reporting was up from Aug., with 46 incidents in Sept. compared to 33 reported to the U.S. Department of Health and Human Services in Aug. Almost 500,000 patient records were affected in Sept., with the largest single incident affecting 128,000 patient records breached by ransomware.

Hacking caused 50 percent of Sept. incidents and accounted for 80 percent of all breached patient records.

Of the 19 hacking incidents for which Protenus had data, 401,741 patient records were breached. One incident specifically mentioned ransomware, seven were caused by phishing and eight mentioned extortion attempts -- for which the notorious hacker TheDarkOverLord (TDO) claimed responsibility.

The number of patient record impacted by TDO’s hacks is unknown, as there is currently no data on three of the extortion attempts. But DataBreaches.net reports that extortion is increasing in every sector and “healthcare sector and education sector are prime targets for extortionists due to the sensitivity of the data and the lack of security when compared to other sectors.”

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com