Dive Brief:
- In January, 31 health data breaches occurred affecting 388,307 patient records, Protenus outlined in a new report.
- The cybersecurity firm reported 59.2% of the breaches, impacting 230,044 patient records, were a result of insiders.
- Hacking incidents accounted for 145,636 compromised patient records in January.
Dive Insight:
Cybersecurity is becoming more of a big deal. Protenus in the report reminds the industry that 2016 averaged at least one health data breach a day. Last year made ransomware a household name, and hacking doesn't seem to be slowing down in the healthcare industry. Even a cursory glance at the HHS Office for Civil Rights breach disclosure website, which lists breaches affecting 500 or more individuals, shows theft/loss of laptops has declined while hacking has risen over at least the past three years.
Protenus noted the average time between a breach and HHS notification was 174 days, and 40% of reporting entities took longer than 60 days to notify HHS. Breach notification timing will be key this year, as HHS has already signaled through a recent $475,000 fine to Presence Health that it will not afford providers lag time in reporting breaches within 60 days, as required by law. Last year, the agency stated it will conduct on-site HIPAA audits in 2017.
Timing notwithstanding, breaches are expensive: about $7 million is the average total cost of a data breach, a June 2016 Ponemon Institute study conducted for IBM found. In one expensive example, the Children’s Medical Center of Dallas was fined a civil money penalty of $3.2 million this month after multiple HIPAA breaches.