8.8 million patient health records breached in August, report says
Forty-three percent of breaches in August were insider incidents, including both accidental and intentional wrongdoing.
Some 8.8 million records containing patient health information were breached during August 2016, according to the monthly Protenus Breach Barometer.
There were 44 reports of data breaches in August stemming from 42 separate incidents. The number of patients affected was available for 32 of these reports, totaling 8,804,608 records breached. From January through August, there were 233 reported data breaches in healthcare, the barometer said.
Protenus is a health data security and privacy monitoring company. The barometer is a snapshot of reported or disclosed breaches impacting the healthcare industry compiled by DataBreaches.net.
[Also: Hackers hit SCAN Health Plan, breach data of nearly 90,000 patients]
According to Protenus, insider threats continue to dominate. Forty-three percent of breaches in August were insider incidents, including both accidental and intentional wrongdoing, while 29 percent involved hacking, malware or ransomware. In this category of breaches, however, the seven incidents reported with numbers accounted for 91 percent of records breached for the month. The largest breach in August, which involved 3.6 million records, was caused by hacking. The causes of another 17 percent were unknown, and 12 percent were caused by loss or theft, Protenus reported. Percentages add up to more than 100 percent due to rounding.
Business associates or vendors were involved in 19 percent of breaches. Those accounted for a disproportionate percentage such that the five business associate incidents for which there is data accounted for 47 percent of all breached records in August, the barometer said. Business associate-oriented breaches included insider errors that resulted in exposure of protected health information as well as ransomware attacks and other hacks.
[Also: Central Ohio Urology Group falls victim to hacker; 105,000 documents stolen]
In August, 37 incidents involved healthcare provider organizations, two incidents were reported by payers, and two incidents involved a business associate or vendor. The remaining incidents involved a breach at a public school and a breach involving a telehealth platform; these two were reported by the media but not the school or vendor.
The 42 breach incidents in August encompassed 20 states. California had six incidents in August, the most of any state. Illinois, New York and Wisconsin each had three incidents while Florida and Maryland each had three.
Twitter: @SiwickiHealthIT