Indications are that 2017 will be another record breaking year for healthcare data violations. Results for the first quarter of 2017 show data breaches have risen, with rises in theft incidents, hacks and unauthorized disclosures.
Last year was a very bad year for healthcare data breaches. More data breaches were reported than in any other year since the Department of Health and Human Services’ Office for Civil Rights started releasing healthcare data breach summaries in 2009.
In 2016, 329 breaches of more than 500 records were made known to the Office for Civil Rights and 16,655,952 healthcare records were released or stolen.
By the end of Q1, 2016, 64 violations of more than 500 records had been reported to OCR and 3,529,759 had been exposed or stolen.
Between January 1, 2017 and March 31, 2017, OCR received 79 data breach reports from HIPAA covered bodies and business associates. Those breaches have lead to the theft or exposure of 1,713,591 healthcare records.
While fewer people have been affected by healthcare data breaches than in the same period last year, the number of reported breaches has increased by more than 23%.
Hacking incidents have risen by 26%, unauthorized access and disclosures have risen by 28%, and theft incidents have gone up by 30%. Incidents involving improper disposal of PHI have stayed the same and there has been little change in the number of reported loss incidents.
April has also started badly, with Ashland Women’s Health having identified a hacking incident that has lead to the exposure of 19,727 patient health records.
While hacking incidents have increased year on year, the biggest threat comes from inside organizations. Protenus says that in January, 59.2% of healthcare data breaches were caused by inside employees, with February’s healthcare data breach report indicating insiders were liable for 58% of violations.