Written byChris Bing
A total of 246,876 U.S. healthcare patient records were breached last month alone, according to data gathered by tech firm Protenus. The new report finds that a significant portion of recent breaches were caused by insiders rather than external cyberattacks like ransomware, a malware variant that has become nearly synonymous with the larger healthcare industry.
Over the course of a 30-day period, 37 separate breach incidents occurred in September, including the leak of healthcare records belonging to American athletes stored by the Montreal-based World Anti-Doping Agency.
Breaches involving healthcare providers represented 91.7 percent of September breaches, Protenus’ data shows.
“As medical records across the globe become digitized, healthcare organizations have increased pressure to enhance cybersecurity practices from stakeholders and strict regulations, including HIPAA and HITECH. Despite this pressure, time and time again, healthcare organizations are falling victim to cyberattacks that are putting patient data at risk,” said Joshua Douglas, chief strategy officer at Raytheon Foreground Security.
The average “dwell time” — a term used to define a hacker’s time within a network from point of entry to notification and mitigation — was roughly 151 days. The largest single incident last month involved a ransomware virus that affected approximately 58,000 records.
“There is an alarming trend of more breach incidents per month in the second half of 2016 than in the first half, with this month’s analysis showing 37 incidents either reported to HHS or first disclosed in media or other sources,” Protenus’ report reads.
Fifteen of September’s 37 data breaches came due to insider activity. Seven of those incidents occurred because the insider inadvertently or otherwise accidentally caused a leak. The other eight incidents were intentionally orchestrated for criminal purposes, according to Protenus’ research team.
California led the way with 11 of last month’s 37 breaches, including a ransomware attack disclosed on Sept. 28 by Marin Healthcare District that resulted in the loss of 5,000 patient records.
“It’s hard to know all the drivers of this upward trend, or even if this trend will continue, but some facts are clear,” said Protenus CEO Robert Lord. “As bad actors with malicious intent become more aware of the value of health records, healthcare will continue to be plagued with more breach incidents until organizations become proactive instead of reactive in thwarting these incidents and increase their current privacy posture.”
He added, “Other important factors, like awareness and improved reporting, increased integration of health data systems, and a continued lack of improvement in health data security and privacy postures will likely also contribute to an increase in breach numbers.”
Notably, while insider activity ultimately resulted in a majority of the 37 aforementioned incidents, actual hacking led to the compromise of a greater amount of records overall, the report shows. Additionally, it is important to note that the report’s data may be skewed because it only represents the experiences of organizations that have publicly come forward to disclose breaches.
Ninety-two percent of healthcare IT decision-makers reported that their organizations were either “somewhat or more vulnerable” to insider threats and another 49 percent felt “very or extremely vulnerable,” according to a 2015 Vormetric Insider Threat Report.