Health IT

Insiders were responsible for 23.7 percent of August breaches, but continue to fly under the radar

The latest Breach Barometer from Protenus found there were 33 breach incidents in August. While 54.5 percent of them were due to hacking, 27.3 percent were caused by insiders.

data breach, cybersecurity, breach, security

If there’s one constant in the world of healthcare, it’s the number of data breaches per month.

August was no exception. In its latest Breach Barometer (based on data provided by, Protenus found there were 33 breach incidents disclosed to HHS or the media last month.

Protenus had additional information for 31 of those incidents. Added together, those 31 impacted a total of 673,934 patient records.

This compares to the 36 breaches and 575,142 patient records affected in July.

Approximately 54.5 percent of the August breaches (or 18 incidents) were due to hacking. Five of these incidents specifically mentioned ransomware as the cause of the attack.

Another 15.2 percent of incidents were caused by loss or theft, and 3 percent were due to unknown causes.

The remaining 27.3 percent of breaches (or nine incidents) stemmed from insiders. Seven of these incidents were due to insider error, while two were the result of insider wrongdoing.

Overall, in August, it took organizations an average of 138 days to discover a data breach had occurred.

And upon closer look, the amount of time it took to uncover a breach differed depending on the type of attack. Organizations took an average of 26 days to find a hacking incident and an average of 209.8 days to unearth an insider incident.

“Generally, hacking incidents are discovered much sooner than insider incidents because of the disruption to the organization’s daily operations,” the Barometer notes.

Indeed, this trend points to a larger issue in the field: Insiders seem to be going unnoticed, likely because they have consistent access to EHRs.

For example, last month’s Breach Barometer highlighted the fact that Massachusetts-based Tewksbury Hospital took 14 years to discover an insider incident. A clerk at the hospital inappropriately accessed the records of more than 1,000 patients between 2003 and 2017, and the occurrence was unaccounted for until somebody called in a complaint.

“This should serve as a reminder to healthcare organizations that while hacking can create a large splash due to the large number of affected patient records in one incident, it is the insider threats to patient data that can go undetected for extended periods of time,” the August Barometer points out.

The solution, Protenus says, is advanced analytics, which can help organizations better understand when insiders access patient information.

The majority of August breaches (72.7 percent, or 24 incidents) involved healthcare providers. About 18.2 percent (or six incidents) included health plans. One incident involved a pharmacy and one involved a business associate or third-party vendor. Still another incident involved a private school, which sent out an email containing the medical information of 86 students.

Photo: Rawpixel Ltd, Getty Images