Health data breaches down in October despite Dark Overlord strikes

Cyber-perpetrator was back with two demands for ransom but overall incident count is down, according to Protenus.

Bill Siwicki, Managing Editor, Healthcare IT News

The number of breach incidents at healthcare organizations along with the total number of patient records dipped in October 2016, the second month in a row after a summer of record-setting healthcare breaches, according to the Protenus Breach Barometer.

The monthly snapshot of breaches, with data compiled and provided by DataBreaches.net, found that in October 35 breach incidents were either reported to the Department of Health and Human Services or first disclosed in the media or other sources. There were some incidents reported to HHS in October that were not included in Protenus' October totals because they were previously disclosed and included in prior Protenus Breach Barometer reports. Of the 35 incidents, information was available for 31, totaling 776,533 records breached.

Though the number of incidents per month is down compared with the summer, it's still much higher than incidents reported in early 2016. Given the recent drop in pricing for medical records on the so-called dark web, it's difficult to tell if the current trend will continue, Protenus said.

Forty percent of breaches in October 2016 were hacking, malware or ransomware incidents that in total affected 664,549 patient records, the report noted. Of the 14 incidents for which there are numbers, four specifically involve ransomware and another two involve ransom/extortion but not ransomware as the source of the breach. Three organizations reported patient data was irretrievably lost due to ransomware or during recovery from ransomware. And two organizations that reported data loss during ransomware recovery were clients of a business associate that also reported data loss as the result of the same ransomware incident.

The two hacking incidents with ransom demands both involved a criminal who goes by the name TheDarkOverLord, Protenus reported. Neither incident has yet appeared on HHS's public breach tool, so Protenus only has TheDarkOverLord's claims as to the number of records acquired in the hacks. Because databases generally contain many duplicate records, the number of records claimed may significantly overestimate the number of patients affected, Protenus explained.

"Although TheDarkOverLord has claimed that some of his victims paid his ransom demands, there's not evidence that any of his victims have ever paid," DataBreaches.net said. "Because giving in to extortionist demands just encourages more extortion, if operations are not threatened and you have backups so that there's no serious risk of medical records being corrupted or wiped out, entities should probably refuse to pay the ransom."

Insiders were responsible for 37 percent of October breaches, five of which were accidental and eight of which were insider wrongdoing, the barometer reported. For the 11 of the 13 insider incidents for which there are numbers, 79,974 records were involved, Protenus added.

In October, 29 breach incidents involved healthcare providers (83 percent of reported organizations), followed by two incidents that were reported by health plans, and three incidents reported by business associates or vendors, according to the barometer. 

This article first appeared in Healthcare IT News.

Twitter: @SiwickiHealthIT