Despite the best cybersecurity efforts, the number of breaches in the healthcare world is remaining fairly constant, according to the latest Protenus Breach Barometer.
The Barometer is based on data provided by DataBreaches.net.
Behavioral Health, Interoperability and eConsent: Meeting the Demands of CMS Final Rule Compliance
In a webinar on April 16 at 1pm ET, Aneesh Chopra will moderate a discussion with executives from DocuSign, Velatura, and behavioral health providers on eConsent, health information exchange and compliance with the CMS Final Rule on interoperability.
“If the Breach Barometer has taught us anything, it’s not a matter of ‘if’ a healthcare organization will experience a data breach, but simply a matter of ‘when,'” the May Protenus report states.
In the month of May alone, Baltimore, Maryland-based Protenus found there were 37 healthcare breach incidents either disclosed to HHS or the media. Of the 29 incidents for which Protenus had data, 255,108 patient records were impacted.
Though the number of breached records in May is high, it pales in comparison to statistics from March, when 1.5 million patient records were compromised. There were 39 breach incidents that month.
Perhaps the most shocking statistic from May’s Breach Barometer is this: Three incidents went undetected for more than three years.
A Deep-dive Into Specialty Pharma
A specialty drug is a class of prescription medications used to treat complex, chronic or rare medical conditions. Although this classification was originally intended to define the treatment of rare, also termed “orphan” diseases, affecting fewer than 200,000 people in the US, more recently, specialty drugs have emerged as the cornerstone of treatment for chronic and complex diseases such as cancer, autoimmune conditions, diabetes, hepatitis C, and HIV/AIDS.
“This information should serve as a call-to-action for the healthcare industry — the time is over to bury our heads in the sand,” according to Protenus. “We should learn from one another on steps that can be taken to reduce the overall risk of experiencing a breach, as well as openly discuss the industry’s privacy and security shortfalls.”
This number becomes all the more shocking when one considers that HHS requires entities to report breaches within a 60-day timeframe.
On top of that, in May, it took an average of 441 days for organizations to find out a breach occurred. In April, it took the average organization 51 days to discover a breach.
On a positive note, Protenus found 83 percent of entities did report their breach to HHS within the required 60 days.
The May breaches stemmed from a variety of causes. While insiders were to blame for 40.54 percent of the total incidents, 35.14 percent of incidents were due to hacking. Another 13.51 percent were caused by loss or theft, and the remaining 10.81 percent is from unknown causes.
The breaches also occurred across multiple sectors of the healthcare industry. Twenty-nine of May’s 37 breaches happened to healthcare providers. Three were reported by health plans, and four were reported by a business associate or third party.
Also of note is the fact that the 37 breaches occurred in 19 states. California led the way in the highest number of incidents (six). Florida and Texas followed suit, with five and four incidents, respectively.
Photo: Rawpixel Ltd, Getty Images
