The Redspin 2014 report on PHI breaches has just been released, and it indicates that 2014 has been a record-breaking year for healthcare data breaches.
The latest Redspin report summarizes and analyses the 164 PHI breaches reported to the Secretary of the Department of Health & Human Services’ Office of Civil Rights in 2014, which have exposed the confidential and highly personal data of approximately 9 million individuals; however, it did not take long for this record to be smashed.
This year’s data breach at Anthem was on an entirely different scale to the PHI breaches that have previously been reported in the almost 20 years since HIPAA was introduced.
The successful hacking of Anthem’s computer systems has potentially exposed the data of more individuals than the combined total of the entire history of the bill, and twice the number of people affected by all reported HIPAA breaches since the introduction of the HITECH Act in 2009.
Redspin President and CEO Daniel W. Berger believes that “all PHI breach statistics are going to have to be reported as ‘pre- or post-Anthem.’” He went on to say, “We wouldn’t be surprised to see the costs of the Anthem breach exceed a billion dollars.”
The biggest cause of data breaches in 2014 was the theft of IT equipment used to access or store PHI, although in terms of the number of victims, hacking topped the list, accounting for 53.4% of the total number of records exposed. Unauthorized access to PHI was second, accounting for 30.7% of the total.
2014 Report on PHI Breaches Shows Encryption on Portable Devices Could Prevent 25% of Breaches
Unencrypted laptops and portable devices accounted for 25% of the HIPAA breaches, email caused 15.2% and servers were responsible for 13.4%. We may be in the age of electronic health records and digital data, but paper records still exist and must also be protected. In 2014, many healthcare organizations failed to protect paper health records and dispose of them securely; paper records were involved in 22% of the year’s total.
The threat faced by healthcare organizations today is higher than ever before. As technology improves and more portable devices, wearable gadgets and new ways of storing and transmitting digital health data are adopted by the healthcare industry, data breaches will become increasingly common.
The data stored is of such value to thieves – and is stored in such large quantities – that the industry will face a constant battle to try to stay ahead of cybercriminals. Unless HIPAA rules are adhered to and covered entities adopt robust security systems to protect electronic health records and personal information, data breaches will continue to occur.
It may not be possible to eliminate all threats, but conducting frequent risk analyses and developing safeguards to address any vulnerabilities that are identified are the best ways organizations can improve their defenses.
According to the report, “It is not possible to adequately assess security risk without identifying real vulnerabilities and developing (and implementing) a remediation plan to address them.”
Further information on the 2014 report on PHI breaches can be obtained from Redspin.