Protenus and DataBreaches.net have released the latest monthly Breach Barometer, which includes findings on healthcare-related cyber threats during November.
Twenty-eight breach incidents occurred last month. Information was available for 25 of the occurrences, impacting a grand total of 83,925 patient records.
These numbers are lower than in previous months. October contained 37 breaches affecting 246,246 records, and September had 46 breaches that impacted 499,144 records.
Despite the slightly lower amounts in November, one single incident touched a lot of (as in 16,747) patient records. It was a ransomware attack on the Hackensack Sleep and Pulmonary Center in New Jersey, according to HIPAA Journal.
The center didn’t pay the ransom. Instead, it used previously made backup files to recover all the encrypted data.
“This incident is an excellent example as to why it is so important for healthcare entities to maintain up-to-date offline backups; the organization was able to quickly resume normal operations even after they had been hacked without paying the ransom,” the Barometer notes.
A Deep-dive Into Specialty Pharma
A specialty drug is a class of prescription medications used to treat complex, chronic or rare medical conditions. Although this classification was originally intended to define the treatment of rare, also termed “orphan” diseases, affecting fewer than 200,000 people in the US, more recently, specialty drugs have emerged as the cornerstone of treatment for chronic and complex diseases such as cancer, autoimmune conditions, diabetes, hepatitis C, and HIV/AIDS.
And it wasn’t just the Hackensack Sleep and Pulmonary Center. Hacking, in fact, was a significant cause of November’s breaches. Eight incidents during the month involved hacking. Protenus has data on five of them, which impacted 36,804 patient records.
Four of the eight hacking incidents specifically noted ransomware was involved.
Insider-related events also accounted for a number of the breaches last month. Nine incidents involved insiders, and they impacted 36,477 patient records. While two of the events were due to insider wrongdoing, seven were due to insider error.
Additionally, five of the breaches had to do with the physical theft of patient records. These incidents impacted 3,273 records. Another two events involved missing or lost records and affected 2,051 records in total.
The majority of November incidents (23 of them, to be exact) involved healthcare providers. Another three involved health plans and one included a business associate. A single breach involved a law firm, which suffered a ransomware attack involving 16 patient records. It frequently represented defendants in cases regarding workers’ compensation and asbestos, which is why it had access to the medical information in the first place.
As 2017 comes to a close, information from various other reports shows cybersecurity is on the brain of the healthcare world.
New research from Accenture and the American Medical Association found that out of 1,300 physicians, 83 percent have experienced some type of cyberattack in their practices. A fall survey out of HIMSS Analytics and Mimecast unveiled that among 76 healthcare IT professionals, 78 percent have had an email-based cyberattack (whether ransomware, malware or both) in the past year or so.
Photo: mattjeacock, Getty Images
