Q3 2019 Healthcare Data Breaches

In Q3 2019, major health data breaches continued at a pace of over one per day. Of the 131 health data breaches in the quarter, hacking and unauthorized access/disclosure attributed to 66% of the total incidents. The two most significant reported incidents were Optimum260, LLC (Business Associate), and LabCorp (Healthcare Provider), where over 21M individuals were affected. The most significant security breach at a hospital or medical center was Premier Family Medical, where 320,000 individuals were affected. For the quarter, a total of over 27M individuals fell victim to a data breach. This accounts for over a 350% increase in affected individuals in Q3.

These data breaches were caused by a combination of phishing attacks and lost equipment. Others are the result of ransomware attacks, encrypting hospital, and health system data. In one instance, a ransomware attack caused Simi Valley, Calif.-based Wood Ranch Medical to close altogether. Why has the number of attacks continue to rise? Because the attacks have been effective, so the frequency and speed of attacks are increasing.

As required by section 13402(e)(4) of the HITECH Act, the Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals. The infographic to the right illustrates the statistics from Q2 2019 of all healthcare-related data breaches. 2019 is on pace to set another record for HIPAA enforcement.

This article originally appeared on Optimum Healthcare IT’s website.