
How many patient records were breached in Q2?

The most recent Protenus Breach Barometer, which looked at data from April through June of 2018, found 3,143,642 patient records were exposed in 142 data breaches.

From April through June of this year, 142 data breaches were disclosed to HHS or the media, according to the latest Protenus Breach Barometer, a report made in collaboration with DataBreaches.net. Details were disclosed in 116 of those incidents, which affected 3,143,642 patient records.

The 3.14 million records breached in Q2 is a hefty increase from Q1, when Protenus reported 1,129,744 records were impacted.

In addition to the breaches disclosed to HHS and the media, the Breach Barometer includes proprietary, non-public data on healthcare breaches in Q2. Protenus reviewed tens of trillions of individual accesses to electronic health records this past quarter.

The Barometer notes that a decent share of violations, 29.71 percent, were committed by repeat offenders. The other 70.29 percent in Q2 were committed by first-time offenders.

Insiders have played a considerable role in causing data breaches. Of the incidents disclosed to HHS or the media in Q2, insiders were responsible for 30.99 percent of events, or 44 breaches. Details were available for 27 of those incidents, which affected 421,180 patient records.

Diving a bit deeper, Protenus’ data estimates that, on average, 9.21 of every 1,000 healthcare employees breach patient privacy. This compares to Q1, when Protenus estimated an average of 5.08 of every 1,000 workers breaching privacy.

The most common insider-related breaches in Q2 — 70.4 percent of violations — involved healthcare employees snooping on their family members.

Aside from insiders, hacking continues to play a role in the healthcare landscape. In Q1 of 2018, there were 30 hacking incidents. But in Q2, that number rose to 52. Details were disclosed for 44 of the events, which impacted 2,065,813 patient records.

Of the hacking incidents, seven specifically mentioned ransomware or malware. Ten mentioned a phishing attack, and one mentioned another form of ransomware or extortion. Plus, 23 reported events were related to theft.

The incidents outlined in the Barometer involved a variety of parties. Ninety-nine of the 142 disclosed breaches in Q2 involved a healthcare provider. Another 15 were disclosed by a health plan, 18 involved a business organization or third-party vendor and 10 were disclosed by a business or other type of organization.

No matter what the organization is, it can still take a while for breaches to be uncovered. For the 142 breaches in Q2, an average of 204 days passed between when the breach happened and when it was discovered. The median discovery time was much shorter at 18 days. The amount of time varies widely, as the shortest discovery time was one day and the longest was 1,587 days, or more than four years.

As for where the breaches took place, two states stood out from the rest. California had 20 separate incidents in Q2, which happens to be exactly the same number it had in Q1. Texas also had a high breach rate in Q2 with a total of 13 incidents.

Photo: Paul Campbell, Getty Images