In November 2017, healthcare data security and privacy company Protenus released a report on the most common security breaches in healthcare. Here are a few key takeaways.
Insiders are a bigger threat than hackers
Protenus is one of the largest security vendors for electronic health records (EHRs) and their mid-year review sheds some important light on the most common types of security breaches in healthcare. Figures were calculated based on reported incidents to the U.S. Department of Health and Human Services (HHS), the media, and state attorney generals. Here are several key findings all pointed towards one direction; those being:
- 41% of the health and data breaches in 2017 were caused by insiders. These errors, leaks and incidents are estimated to have affected over 1 million patient records and are on course to overtake the number of breaches in 2016.
- Security breaches caused insiders were mostly simple accidents, but these accounted for a larger chunk of security incidents which affected patient records.
- Insider accidents affected over 420,000 patient records, whereas, insider wrongdoings affected over 740,000 patient records.
- On average, insider breaches go unnoticed for 387 days. This is because insiders, malicious or not, are using legitimate credentials, making inappropriate use much harder to detect.
Hackers are not far behind
- Hacking accounted for 32% of all reported incidents, and garnered more media attention because hackers usually disrupt a large amount of patient records in a single incident. It is estimated that close to 1.5 million patient records were breached by them.
- Extortion is on the rise, and it comes as no surprise that the healthcare industry has become an easy target due to an ever-increasing volume of sensitive data and lack of security measures. There were 46 recorded incidents in September, compared to 33 in August.
- As cyber criminals' attempts to access patient records become more rampant and sophisticated, companies, now more than ever must be wary of security breaches. The data presented in Protenus’ report highlights some of the most common causes of a security breach and emphasizes the importance of two methods companies should use to potentially reduce compromises in security: IT training and ongoing education on security methods to counter errors made by insiders, preventing cyber attacks, and proactively reacting to malicious insiders.
To ensure peace of mind, you need IT professionals with years of experience in preventing security breaches all while adapting to the ever-changing and fast-paced technological landscape of today. Call us today so we can help secure and manage your highly valuable electronic medical records!