Insider Breaches in Healthcare Report by Protenus for Q1 2018


Protenus’ quarterly Breach Barometer report is a collection of data breach information supplied by and the artificial intelligence program created by Protenus. The collected information enables healthcare organizations to monitor and evaluate employee EHR activities.

This quarter’s report gives an idea of the scale of insider violations of the HIPAA Rules and of snooping on patient medical data. Insider breaches are a growing issue in the healthcare industry, but the greater problem is that a lot of these breaches are not detected. The majority of insider breaches continue for months and even several years before being discovered.

According to the Breach Barometer report for the first quarter of 2018, 1,129,744 medical records of patients and health plan members were read, disclosed or stolen. More than one healthcare data breach happened daily, with a total of 110 breaches submitted to OCR for this quarter.

Data breaches that impacted over 500 people are declared publicly. Small data breaches are submitted to the HHS’ Office for Civil Rights but are not publicized. Based on the Protenus A.I. platform analysis, one of 1000 healthcare data breaches is announced to the public. That means there are many reported inappropriate disclosures of medical records that the general public does not know about.

A lot of healthcare personnel snoop on medical records, whether of family members, fellow workers or friends. Snooping on family members’ medical records comprises 77.10% of all recorded insider snooping in Q1 2018. Unauthorized viewing of the health records of fellow workers, neighbors and VIPs like celebrities comprises all other reported insider snooping.

The quick discovery of these insider breaches is crucial to preventing further patient privacy violations. As per Protenus’ data analyses, there’s a 20% chance that a healthcare employee who has accessed records without authorization will go snooping again within three months of the first time. The chance of snooping again one or more times over the following year rises to 54%. Kira Caban, Protenus Public Relations Director, said that the risk to healthcare institutions compounds with time when there is no proper detection, reporting or training in place. Unfortunately, many healthcare institutions have no capability to identify unauthorized access to health records and patient privacy violations quickly. The average time to discover a patient privacy violation is 244 days.