Before February 2015, 2014 had been referred to as the year of the data breach, with a huge number of data breaches reported, and some of the largest ever healthcare data breaches suffered. However, then the Anthem cybersecurity breach occurred, which changed how data breaches were measured. 78.8 million records were exposed in that one incident alone.
Following that, two 11 million record breaches were suffered, and recently the UCLA Health and Medical Informatics Engineering data breaches exposed 4.5 million and 3.9 million records respectively. 2014 may have been the year of the data breach, but 2015 is turning out to be the year of the mega data breach.
It is perhaps no surprise that the total number of data breach victims reported in 2015 has now exceeded 100,000,000 individuals. The figure stands at 102,534,967 so far, and there are still five months left of the year to go.
Breach reports submitted to the Department of Health and Human Services’ Office for Civil Rights give an indication of the current state of healthcare data security. This July, security incidents have been detected that have exposed millions of patient records; a summary of July 2015 data breaches is detailed in the infographic below.
The problem does not appear to be confined to one particular media; although paper record/film have been cited in a high percentage of data breaches. Better physical security, control of records and staff training are essential to reduce the risk of data breaches being suffered.
Employee negligence has been at the heart of a high percentage of data breaches in July, and throughout the year. Training, and the provision of the right HIPAA-compliant tools and communication systems, can significantly reduce breach risk.
Business Associates have adapted to HIPAA Rules over the last 12 months and have been involved in substantially fewer breaches than in 2014, although healthcare providers continue to expose PHI as a result of poor training, insufficient security defenses and a lack of data encryption. Only by investing in better data security technologies, and developing a risk aware culture among the workforce can the risk of data breaches being suffered be effectively managed.