Dive Brief:
-
Emory Healthcare reported that a scheduling application database with patient information, including addresses, appointment dates, and dates of birth, has been breached and 80,000 patients records were affected, according to a Modern Healthcare report.
-
The Georgia health system learned of the breach on January 3 after an unidentified individual or organization deleted the database and demanded payment from Emory to have it restored.
- Patients who had appointments with the Emory Clinic Orthopaedics & Spine Center from March 25, 2015 to Jan. 3 or with the Emory Clinic Brain Health Center from Dec. 6, 2016 to Jan. 3 could be affected.
Dive Insight:
This is the second breach affecting more than 500 patients that Emory has experienced since 2012, according to HHS Office of Civil Rights (OCR) records. In April 2012, Emory reported that it had lost ten backup CDs containing unencrypted clinical and demographic data on 315,000 patients.
Through the first two months of 2017, healthcare organizations have reported 43 data breaches affecting a total of around 325,000 patients, according to OCR records. Last year, healthcare organizations reported 39 data breaches over the same period of time, although far more patients were affected. Records on nearly 485,000 patients were compromised in one early 2016 incident alone.
The numbers reported so far in 2017 might even be worse than OCR records indicate. Cybersecurity startup Protenus has reported that more than 388,000 patient records were affected by 31 breaches occurring in January alone. Also, an Accenture survey unveiled during HIMSS17 suggested that about medical information on more than a quarter of consumers has been compromised.
If any healthcare executives out there do not think that cybersecurity is a big deal, it is time to think again. Data breaches are expensive and cause reputation damage. The direct costs of dealing with a breach can top $1 million while loss of business can rise to nearly $4 million.