by Thomas Dworetzky, Contributing Reporter | December 02, 2019
Healthcare data breaches abounded in October — up 44.44 percent month-over-month with 52 reported to the HHS’ Office for Civil Rights.
All told, 661,830 records were exposed, wrongly disclosed, or stolen in the process of these episodes, according to a report in the HIPAA Journal.
“This month takes the total number of breached healthcare records in 2019 past the 38 million mark,” stated the report.
The largest five October breaches were topped by one at Betty Jean Kerr People’s Health Centers, where hackers exposed 152,000 records. The next biggest hack — at 140,209 records — was at Kalispell Regional Healthcare, followed by the hacking of the Methodist Hospitals, during which 68,039 records were exposed. Fourth was an unauthorized access of 37,952 records at Children’s Minnesota Healthcare Provider, and the fifth-largest incident, with 31,787 records hacked, was at Tots & Teens Pediatrics.
The Betty Jean Kerr People’s Health Centers breach was a ransomware attack, during which the files were encrypted. No money was paid and the files were lost.
The Kalispell Regional Healthcare incident was the result of phishing — as was the attack at the Methodist Hospitals.
During October, a total of just over 500,000 records were compromised in 18 hacking incidents, as well as 28 “unauthorized access” events that exposed about 135,000 records. Another 5 theft or loss events involved over 13,000 records.
Healthcare providers were the hardest hit in the month with a total of 45 incidents, followed by three at health plans and four at businesses linking to HIPAA-covered organizations.
The issue of healthcare data protection recently prompted a November 15 letter from U.S. Sen. Mark Warner (D-VA), vice chairman of the Senate Intelligence Committee and co-founder of the Senate Cybersecurity Caucus, to the Department of Health and Human Services (HHS) regarding possible risks related to the proposed rule by the Centers for Medicare and Medicaid Services (CMS) that would require CMS-funded health plans (including ACA marketplace plans) to let patients access their personal data through third-party consumer applications.
“In just the last three years, technology providers and policymakers have been unable to anticipate — or preemptively address — the misuse of consumer technology which has had profound impacts across our society and economy,” he wrote, adding that, “As I have stated repeatedly, third-party data stewardship is a critical component of information security, and a failure to ensure robust requirements and controls are in place is often the cause of the most devastating breaches of sensitive personal information.”
He stressed that proper safeguards must be in place to protect the privacy of this sensitive information.
“Any approach must balance innovation and ease of access with privacy, security, and a commitment to robust competition,” he stated, and underscored the need to ensure that such data is not “commercialized in ways that benefit those providers without direct benefits or compensation to users.”
What is needed, he advised, is for CMS and HHS to set “clear standards and defined controls for all stakeholders that ensure third party software applications accessing patient data through APIs are effectively protecting patient information and that patients are appropriately (and routinely) informed, in clear and particularized ways, how their data is used.”