For 2017, the Breach Barometer found that 5.6 million patient records were compromised in 477 total breaches. In the largest breach disclosed in the first quarter, an unauthorized third party gained access to an Oklahoma-based healthcare organization’s network that stored patient billing information for 279,856 patients.
At SkyFlok we allow users to use multiple cloud storage providers together to efficiently and securely store their files. We use an innovative cloud technology to spread the data across multiple locations and providers, which means that an attacker needs to compromise multiple cloud providers before having any chance to look at the files. With SkyFlok, your clients’ data is safe and private… and you keep full control over it.
Healthcare insiders were most likely to snoop on family members, which accounted for a whopping 77.10 percent of privacy violations in the first quarter.
Snooping on fellow co-workers was the second most common insider violation, followed by snooping on neighbors and celebrities, according to proprietary nonpublic data collected by Protenus, an AI platform used to analyze access to patient data inside electronic health records.
Medicaid numbers, healthcare provider names, dates of service, and limited treatment information may have been in the server folders, along with one Social Security number. Medical records were not on the server, OSUCHS stressed.
If healthcare employees breach patient privacy once, there is a greater than 20 percent chance that they will breach it again in three months’ time, and there is a greater than 54 percent chance they will do it again in one year, according to Protenus data.
Healthcare organizations accumulate risk that compounds over time when proper detection, reporting, and education do not occur, according to Protenus.
The Breach Barometer found that it takes healthcare organizations an average of 244 days to detect a breach once it has occurred.
It took on average 308 days for an organization to discover a breach, up from 233 days in 2016. At the same time, it took 73 days on average to report a breach to HHS once it was discovered, significantly down from the 344 days on average to report to HHS in 2016, the report noted. These numbers are surprising, given that the HIPAA Breach Notification Rule requires data breaches affecting 500 individuals or more to be reported to HHS within 60 days of discovery.
“In general, healthcare entities are able to detect hacking incidents quicker than insider incidents, but hackings tended to have longer gaps between the discovery of the breach and reporting it. This may be due, in part, to law enforcement officials asking organizations not to disclose the breach publicly as they can continue their investigation,” the report observed.