The Department of Health and Human Services’ HIPAA breach reporting website showed that half of the 10 largest healthcare-related data breaches reported this year were caused by vendors or business associates.
Security experts said this demonstrates the importance of vetting third-party providers and including cybersecurity standards in contracts and regular audits.
They also said healthcare providers need to ensure a layered approach to security to defend against attacks that come through third-party breaches.
“The reason business associate data breaches have skyrocketed is a simple numbers game,” said Paul Hales, regulatory attorney of the Hales Law Group. “Criminals know that one successful business associate attack yields protected health information from hundreds of covered entities. In a sense, business associates are just couriers. Covered entities are the real targets.”
Since 2018, the attacks on business associates have doubled.
Some hospitals and health systems that have reported compromised patient information due to a third-party data breach include Seattle Children’s and Houston-based St. Luke’s Health.