The researchers from Michigan State University and Johns Hopkins Carey Business School found that two-thirds of those security incidents were caused by unauthorized disclosure like a mailing mistake, or theft — most commonly someone from outside the organization or an unknown party.
To help mitigate the threats and protect their patients’ data, we recommend healthcare organizations to consider the implementation of a cloud infrastructure which is much more versatile, especially for healthcare customers.
Spreads your data across multiple Cloud providers. We do not store or transport your data through our servers.
Keeps your data fully encrypted not only on its way to the Cloud, but on the Cloud itself – none of our Cloud locations has enough information to read any of your files.
Preserves the integrity of your data even if a Cloud location/provider suffers an outage or in case of a natural disaster due to our unique technology.
Keeps all past versions of your data for your records and also in case of ransomware attacks.
Protect the privacy of your and your clients data with SkyFlok!
Hacking is less common in the healthcare sector than theft and unauthorized disclosure, but those cybercriminals stole more than half of the breached patient records from 2009 to 2017, according to a new JAMA Internal Medicine report.
The study analyzed the 1,138 healthcare data breaches reported to the Department of Health and Human Services between 2009 and 2017. The researcher used the HHS-published breach descriptions to confirm the category and separate paper cases from electronic records.
About half of reported breaches were caused by an organization’s own mistakes or neglect and the majority of which were on mobile devices.
Of note: 4.4 million records were exposed in 117 health data breaches in the third quarter of 2018 alone.
The Break Down
The researchers from Michigan State University and Johns Hopkins Carey Business School found that two-thirds of those security incidents were caused by unauthorized disclosure like a mailing mistake, or theft—most commonly someone from outside the organization or an unknown party.
Hacking accounted for just 20 percent of those breaches – but still managed to breach 133.8 million patient records. On the other hand, despite the number of incidents, theft and unauthorized disclosures only accounted for 42.5 million impacted records.
“Healthcare entities must understand the causes of protect health information breaches, if they aim to effectively manage the trade-off between wider access or higher efficiency and more security,” the researchers wrote.
The researchers also found that the most common corrective plans including encryption and restriction of mobile devices – if PHI was stored in the breached device. Other plans including digitizing PHI and enhancing physical security where paper records were stored.
And for those breaches occurring in the cloud, researchers found the impacted organizations went on to better monitor and audit access and strengthened network firewalls.
Cybersecurity Tops 2019 Priorities
On a positive note, the JAMA report comes on the heels of a study from the Center for Connected Medicine in partnership with the Health Management Academy that found cybersecurity will have the greatest impact on the healthcare sector in the coming year.
The groups surveyed 44 executives from 38 health systems and found that along with increasing telehealth and interoperability efforts, those organizations are “increasing their spending to defend against cyberattacks.”
“Cybersecurity is… right up there on top with regulatory problems and readiness for value-based care. Always there at the top,” one survey respondent wrote.
Cybersecurity also landed in the top spot in 2017, as leaders continue to shore up some of the biggest vulnerabilities. About 87 percent of those surveyed will increased cybersecurity spending in 2019, with half increasing those budgets by 5 percent. This is the second consecutive year that cybersecurity budgets will get a bump.
Those officials cite employee education as the greatest challenge, with 62 percent naming employees as the biggest potential vulnerability – as phishing topped the list as the most common cyberattack in the last year.
But only seven out of 10 respondents were confident in their organization’s cybersecurity posture. And earlier this month, a report found 75 percent of hospital administrators and providers felt underprepared for cyber threats.
“The people that are up to no good have far better tools than we do on our platforms. If they really target you, they will likely find a way in,” one survey respondent wrote “We are not trying to make it impenetrable, but we are trying to make it more difficult to break into our system than others in our market.”