83% of Breached Healthcare Files in January Due to Hacking

March 8, 2018


The latest publication of the Protenus Healthcare Breach Barometer information has been issued. Protenus informs that all together, at least 473,807 patient files were accessed or stolen in January, even though the number of people affected by 11 of the 37 breaches is not thus far clear.

The report indicates insiders are still causing problems for healthcare groups. Insiders were the single largest reason causing healthcare data violations in January. Out of the 37 healthcare data breaches recorded on January 12 were initiated by insiders – 32% of all data breaches.

Although insiders were the main reason of violations, the occurrences affected a comparatively low number of peoples – just 1% of all files violated. Insiders showed 6,805 patient files, although figures might only be found for 8 of the 12 breaches. 7 occurrences were attributed to insider errors and five were because of internal wrongdoing.

Protenus has drawn attention to one specific insider breach it suffered. A nurse was found to have accessed the health information of 1,309 patients without authorization over a period of 15 months. If the healthcare group had technology in place to check for wrong access, the secrecy of hundreds of patients would not have been breached.

The second biggest reason for healthcare data violations in January was hacking/IT occurrences. There were 11 hacking/IT occurrences informed by healthcare groups in January – 30% of all breaches. Contrary to insider occurrences, these were not very small breaches. They were accountable for 83% of all breached files in January. One single hacking occurrence impacted 279,865 files. That’s 59% of all violated files in the month.

On the whole, 393,766 healthcare files were affected by hacks and other IT occurrences. The final figure might be much higher because figures for five of those breaches have not been computed. Among the occurrences involving an unknown amount of files was the ransomware attack on the EHR Company Allscripts, which led to a few of its applications being unavailable for several days. That occurrence might well be the biggest breach of the month.

Ransomware remains the main problem in healthcare, with six of the 11 occurrences involving malware or ransomware.

The loss or theft of electronic appliances saving ePHI or physical records made up 22% of the breaches. Two occurrences involving the loss of patient records affected 10,590 people and four out of the six theft occurrences affected 50,929 people. The number of people affected by the other two theft occurrences is still not clear. The reason for 16% of January’s data breaches has not yet been announced.

The kinds of breached bodies followed a similar form to earlier months, with healthcare sellers accounting for the most breaches (84%). 5% of the breaches had some BA connection and 3% affected health plans. 8% affected other bodies.

Information on the amount of time it took to find breaches was obtained only for 11 of the 37 incidents. The median time from the occurrence to the date of the finding was 34 days and the average was 252 days. The average was impacted by one occurrence that took 1445 days to find.

The median time duration from the discovery of a breach to reporting the occurrence was 59 days; one day short of the 60-day absolute limit of the Breach Notice Law. The average was 96 days. Four healthcare groups took more than 60 days to inform their breaches, with one taking over 800 days.