On Our Radar: September 13, 2019
Here at RADAR, we spend every day reading about different data breaches and security incidents that affect a wide range of industries. One of the industries that is the most challenged in keeping data secure is healthcare.
In the first half of 2019, healthcare was the number one industry that had reported data breaches. Why? It could be due to the stringency of breach notification requirements under HIPAA compared to other industries. Another report found this July to be the highest in history for healthcare data breaches, with 50 reportable breaches exposing over 35 million individual health records.
Some of the attention-grabbing breaches the healthcare industry is experiencing are due to hacking and IT incidents, and those hacking incidents have come in the form of ransomware and phishing. The HIPAA Journal explained, “The number of phishing attacks strongly suggest that multi-factor authentication has not yet been implemented by many healthcare organizations.”
Recently, there have been two notable incidents in the healthcare industry that have contributed to the rise in reported breaches in 2019:
- An administrator of vision and dental benefits as well as health plans recently notified 2.96 million patients that their information may have been hacked. The information exposed could have included a mix of names, Social Security numbers, bank account and routing numbers, addresses, and more. Because of its quick investigation and response, the company was able to notify potentially affected individuals within the 60-day notification window under HIPAA.
- A ransomware attack – including a demand of $1 million – left one Washington-based hospital and medical group unable to access patient files. Interestingly, the clinics were hit harder than the hospital, because the “hospital’s older software prevented the ransomware from properly installing on the main system.” While about 85,000 patients were notified of the incident, patient care was not affected by this attack. This is an indicator of the importance of proper backups and the ability to quantify and prove risk of harm.
The healthcare industry has a heavy burden when it comes to protecting regulated data – these health systems, hospitals, and clinics are entrusted with our most critical and sensitive health data. The healthcare industry must prove itself to be a good steward of this data by protecting it and by alerting us to its disclosure in a timely fashion.
Learn how automation in incident response management can accelerate your breach decision making, including if you need to notify, who, and by when.