Hacking Incidents Still Leading the Pack
A key driver behind the surge in the number of affected individuals is hacking incidents that have been reported since 2015. Those include the largest health data breach reported to date – the cyberattack reported in February 2015 by health insurer Anthem, which resulted in a breach impacting about 78.8 million individuals.
Of the 349 breaches currently under investigation by OCR that have been reported in the last 24 months, 145 involved hacking/IT incidents; 125 involved unauthorized access/disclosure, which include incidents potentially involving insiders or external actors; and 71 involved lost or stolen unencrypted computing devices.
Since 2009, 348 reported hacking/IT incidents have impacted about 130.7 million individuals, or nearly 75 percent of those impacted by all 2,018 major health data breaches reported to OCR.
“The big takeaway here is that phishing is a successful way to get inside healthcare facilities,” Lucci says.
“This means that ongoing reminders and providing real examples to employees in educational sessions are the key to preventing insider errors. Another important factor that we learned from the WannaCry ransomware is that with a growing number of the workforce working remotely, or even business associates with access to protected health information, it is imperative to ensure that patches and updates are installed as soon as they are released.”