11 million patient record breaches make June worst month for information security in 2016
The number of healthcare security attacks continues to grow with breaches of over 11 million patient records in June, more than any other month this year, according to a report from security firm Protenus and DataBreaches.net
The June breaches totaled 11,061,649 patient records, representing 23 of 29 incidents for which exact numbers were available. Most of the breaches are attributable to a single hack that included a large insurer database (10.3 million records).
“The impact and rate of breaches illustrate how vulnerable the healthcare industry remains, as well as the need to proactively protect patient privacy and data with new technologies,” the report said.
The findings and report come as Protenus and Databreaches.net launched what will be the monthly Healthcare Breach Barometer. Citing data from the U.S. Department of Health and Human Services, the companies said that reported breaches in May totaled 691,892, while the first half of 2016 saw 137 incidents.
In June alone, 86 percent of the breaches occurred at 24 healthcare providers, followed by three at health plans and one related to an NFL sports team (although it is not yet confirmed if the records are covered by HIPAA), the Protenus and Databreaches.net report explained.
Hacking and insider incidents occurred in equal numbers during June. Outright hacking totaled 41.4 percent of reported breach incidents, while the same percentage involved insider wrongdoing or error and 17.2 percent involved theft or loss of devices or paper records. In the 23 incidents for which information is available, 9 involved business associates (BAs) or vendors, with six attributed to the same BA.
“The number of business associates with access to patient records via EHR systems increasingly creates new security complexities for health systems to manage,” the report said.
Sign up for the Healthcare IT News Privacy & Security Update newsletter.