Summary Report of Healthcare Data Breaches for April 2018

April was an awful month: the healthcare industry saw more health data breaches and more individuals affected than in March 2018. The Department of Health and Human Services received 41 reports of healthcare data breach incidents, in which 894,874 healthcare records were disclosed or stolen.

Healthcare data breach incidents have grown month over month for the last 4 months. The leading cause of data breaches in April was illegal access or exposure. Even though there was an apparent improvement in cybersecurity protection, insiders continue to cause unintentional data breaches, and medical staff still become involved in malicious offenses.

The security incident at the California Department of Developmental Services accounts for more than 50% of the healthcare data exposed in April. Robbers took electronic devices from the California Department of Developmental Services office and burned the place following the break-in. Almost all of the PHI likely compromised was in physical format; however, it appears that the robbers didn't get any of it. The ePHI on the stolen devices was encrypted and therefore was not compromised.

Hacking generally leads to the greatest number of stolen or exposed medical records. In April, however, unauthorized access incidents accounted for the greatest number of breached records. There were 11 major breaches, each with more than 10,000 records compromised. There were also phishing attacks that led to data breaches. Nine data breaches were caused by hacking of email accounts. Healthcare companies really should improve their technologies to keep malicious emails from reaching employees' inboxes.

Healthcare companies reported most of the breaches in April. Business associates reported 5 data breaches; however, they were associated with at least 11 other data breach events. Illinois reported 6 breaches, followed by California with 5 data breaches. Texas had 3 data breaches, while Florida, Iowa, Kansas, Minnesota, Louisiana, Maryland, New Jersey, North Carolina, Wisconsin and Virginia each reported 2 data breaches. States that submitted one breach report each were Montana, Georgia, Kentucky, Nebraska, New York, Tennessee and Pennsylvania.

Concerning financial penalties for HIPAA violations, the HHS' Office for Civil Rights has issued two so far in 2018. The New Jersey attorney general's office settled a state and HIPAA violation case last April with Virtua Medical Group, which agreed to pay $417,816. This data breach case involved the disclosure on the internet of information such as names, prescription medications and diagnoses of 1,654 New Jersey residents due to a misconfigured server. Virtua Medical Group was alleged to have failed to carry out a risk analysis and apply appropriate security measures, which led to the data breach.