Once again, insiders caused the biggest breaches in the past month

The latest Protenus breach barometer found that while hackers caused the most incidents, insider errors impacted the greatest number of patient records.
By Jessica Davis
12:22 PM
Protenus breach barometer

TheDarkOverlord has a history of using Twitter to shame breached organizations. Photo via @Twitter

Hacking incidents caused the majority of healthcare breaches in October, but insider errors impacted an even greater amount of patient records, according to the Protenus Breach Barometer.

Protenus researchers pulled and analyzed data from the U.S. Department of Health and Human Services’ Office of Civil Rights, as well as research from the site DataBreaches.net. In all, 37 breaches were reported last month. This means 2017’s security trend remained true for October: At least one breach occurs in the healthcare sector each day.

[Also: The biggest healthcare breaches of 2017 (so far)]

Insider error continues to be a problem area for the industry. Of the three insider breaches for which Protenus had data, user error caused the breach of about 157,000 patient records last month. Insiders accounted for 29 percent of all October incidents.

In fact, insider error drastically increased in October from other months, September breached just 24,958 records and August affected 26,831.

One of those errors involved a flyer sent to HIV patients, asking them to participate in an HIV research project. The trouble was that the healthcare organization used envelopes with a clear front that revealed the HIV status. This was the second breach of this kind this year.

Another insider incident involved another troubling trend this year: an improperly secured Amazon S3 bucket. That incident breached the records of about 150,000 patients.

 “These incidents serve as a reminder for healthcare organizations to conduct routine training for employees on how to properly handle and distribute information to patients, without breaching their privacy,” the report authors wrote.

“This is especially the case when working with vulnerable populations, as patients with diagnoses like HIV have a lot more at stake if their information is made public -- much more sensitive than their credit card information, such a breach be catastrophic to their entire way of life,” they added.

Hacking is still the industry’s other leading culprit, accounting for about 35 percent of incidents and the breach of over 56,000 patient records. Two of the month’s 13 incidents specifically mentioned ransomware, while two were caused by phishing and three mentioned extortion attempts.

Per the trend, notorious hacker TheDarkOverLord was responsible for all the extortion attempts. And not all of the affected organizations have reported these breaches.

Lastly, the healthcare sector continues to struggle with discovering breaches. It took an average of 448 days for an organization to find a breach. In fact, one incident took 1,157 days or more than three years to discover a breach.

“Both external and internal actors continue to threaten patient information and these breaches have often gone undetected for years, affecting thousands of patients,” the report authors wrote. “Our hope is that healthcare will begin to have conversations on how the industry can better protect the privacy of all patients and specifically devote attention to vulnerable populations.”

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com