Medicare Compliance & Reimbursement

HIPAA:

2019 Data Security Incidents Are Pummeling Providers

Hint: Hackers are pushing healthcare’s limits.

The feds had a banner year in 2018, reporting a record number of data breaches involving the loss of patients’ ePHI. But as data security incidents pile up, it looks like 2019 is set to trample previous years’ breach numbers.

Background: Breach statistics suggest that healthcare is taking a beating so far in 2019. The healthcare data analytics giant, Protenus Inc, tracks data breach reporting using artificial intelligence (AI) and recently released a report in coordination with  databreaches.net titled The 2019 Mid-Year Breach Barometer — and the numbers aren’t pretty. From January to June 2019, there were 285 incidents; moreover, the 240 that were disclosed impacted more than 31.6 million individuals’ protected health information (PHI), according to Protenus.

The 2019 healthcare breachfest is shocking for two reasons. First, data security incidents are on the rise, highlighting how vulnerable the industry is to cyberattack. Second, the huge number of affected patients’ records just in the first half of this year is “more than double what the industry experienced throughout the entire year of 2018,” notes the report.

Check Out the Breach Details

Hacking ranks as the overarching cause of the spike in lost electronic PHI (ePHI). In fact, 88 percent of the incidents were due to hacking in the first half of 2019 and included 168 breaches of the overall total, indicates Protenus. The additional 12 percent of breaches impacted paper records.

Who: The report shows that healthcare providers are the most endangered entities and took the biggest hit, accounting for 72 percent of the data breaches. Business associates (BAs) were attributed with 9 percent while health plans added 11 percent to the incident log. Another 8 percent of breaches weren’t categorized by entity type.

What: Insider threats due to human error and wrongdoing as well as the general theft of records factored in the numbers, Protenus notes. But cybercrime caused the majority of breaches, and the hacks covered the spectrum of attacks from ransomware or malware attack to phishing and even extortion, relates the brief.

The report’s results certainly serve as a warning to proceed with caution in the healthcare space. And cautious providers may want to up the ante on their HIPAA compliance protocols, especially in regard to data security, experts advise.

“Healthcare has traditionally been less sophisticated when it comes to information security ... [but] now is the time to get serious about protecting systems, because lives and institutions are at stake,” warns HIPAA expert Jim Sheldon-Dean, founder and director of compliance services at Lewis Creek Systems LLC in Charlotte, Vermont.