4.4M patient records breached in Q3: 7 things to know

There were 117 healthcare breaches disclosed during the third quarter of 2018, comprising nearly 4.4 million patient records, according to a report from cybersecurity software company Protenus.

The report, which is part of the "Protenus Breach Barometer" quarterly series, analyzes healthcare breaches reported to HHS or disclosed to the media from July to September.

Here are seven things to know about healthcare breaches reported during the third quarter:

1. The number of healthcare breaches reported during the third quarter — 117 — dropped compared to the previous quarter, which experienced 142 breaches.

2. However, the number of breached records reported during the quarter — 4.4 million — increased compared to the second quarter of 2018, during which 3.1 million records were compromised.

3. The largest breach reported in the third quarter resulted from a hack at UnityPoint Health in West Des Moines, Iowa, which notified 1.4 million patients in July that some of their personal information may have been compromised after a phishing incident.

4. More than half of healthcare breaches reported in the third quarter resulted from hacking (51 percent), followed by insider wrongdoing (23 percent) and loss or theft (10 percent). Protenus was not able to identify the cause of the remaining 15 percent of breaches reported during the quarter.

5. The majority of breached records reported during the quarter were electronic (81 percent), with the remaining 19 percent of breached records involving paper or film.

6. Almost three-quarters (74 percent) of healthcare breaches reported during the third quarter were disclosed by a provider. Eleven percent of breaches were disclosed by a health plan and 11 percent were disclosed by a business associate or vendor.

7. Of the healthcare breaches disclosed during the third quarter, it took organizations an average of 402 days to discover the incident. The shortest discovery time was one day, while the longest time period was 5,605 days — more than 15 years.

To download Protenus' report, click here.

More articles on cybersecurity:
5 security frameworks hospitals are adopting
SamSam ransomware continues to wreak havoc on healthcare, report finds
1 in 3 ransomware attacks target healthcare companies, report suggests

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months