- In the Q3 2018, the patient’s records compromised was increased in huge numbers
- No of Data breaches incident disclosed were decreased compared with Q2 (142) and Q1 (110).
- Hacking was responsible for 51% disclosed incident in the Q3.
- Incidents due to insider wrongdoing were also increased in Q3.
- 402 days was the average time taken discover a breach.
According to the Protenus Breach Barometer report, in the third quarter of 2018 4.4 million patient records were compromised in 117 health data breaches.
A total of 117 data breach were reported to the U.S. Department of Health and Human Services (HHS) between July and September (Q3).
In the second quarter it was 3.15 million records compromised in 142 breaches and in the first quadrant, 1.13 million patient records were compromised in 110 breaches.
Even though the number of incidents reported has been reduced the number of patients affected or patients record compromised has been increased by a huge number.
The number of patients record compromised in the Q1 was 1,129,744, Q2 was 3,143,642 and Q3 is 4,390,512.
Hacking was responsible for the majority of the incidents disclosed in the third quadrant. There were 60 hacking incidents (51%) disclosed in the third quadrant of 2018.
The data breaches because of insider wrongdoing have been also increased in the third quadrant. 23% of incidents disclosed were as a result of insider wrongdoing.
The patient’s record compromised because of insider incidents has been also increased from 4,597 in the first quarter to 2909,689 in the third quarter.
In the case entities, 74% of total incidents (86 incidents) were disclosed by health care providers, 11 % (13 incidents out of 117) by the health plan, 11% (13 incidents out of 117) by third-party vendors or business associates.
“Even though most healthcare organizations have already switched over to digitized patient records, 22 breach incidents still involved paper records. Disclosed data was available for 19 incidents, affecting 344,729 patient records. There may have been more incidents in which paper or film records were involved, but some reports were lacked sufficient information to make that determination.”
Out of 117 medical data breaches disclosed in the third quadrant the average time took to discover the breach after the breach occurred was 402 days. The quickest is one day and the longest was over 15 years.
In the case of the timeline from the discovery of the breach to disclosure of the breach “Of the 53 incidents for which data was disclosed, it took an average of 71 days from when a breach was discovered to when it was disclosed to HHS, the media, or other sources. The median disclosure time was 57.5 days. “ said in the report published by Protenus Breach Barometer and dataBreaches.net.
The single largest breach in the third quadrant was a hacking incident at an Iowa-based health system which exposed patients records of 1.4 million people.
When comparing the other two quadrants even though there is a decrease in data breach incidents the number of patients records compromised has been increased hugely.
Another alarming factor is that the number of patients records compromised by insider wrongdoing has also been increasing in each quadrant.
For more details, you can visit the combined report published by security firm Protenus and DataBreaches.net here.
You may be interested in reading:Cathay Pacific Airline Announces Data Breach Affecting 9.4 million Passengers