Privacy & Security

How 3 hospital breaches went undetected for more than 3 years

Security firm’s discovery highlights why hospitals struggle to detect these lapses in security.
By Tom Sullivan
June 20, 2017
02:28 PM

Three healthcare information security incidents that happened more than 36 months ago were just discovered in May — highlighting the fact that hospitals continue struggling with breach detection. What’s more, the incidents were caused by employees.

“All three of these events were, unfortunately, due to insiders, two of which seemed to be bad actors who were accessing records over time, and one was attributable to insider error,” said Robert Lord, co-founder of security firm Protenus. “These types of events often get discovered by accident or during infrequent audits.”

[Also: Breaches like Molina Healthcare's show why you can't skimp on security]

Those weren’t the only breaches last month. The Protenus May Breach Barometer, compiled with DataBreaches.net, found 37 total incidents exposing a total of 255,108 patient records. That total, despite TheDarkOverLord posting some 140,000 patient records to the black market early in the month, was relatively similar to the number Protenus found in April and February, though the number of records exposed in March spiked upward of 1.5 million.

Protenus determined last month that healthcare organizations are getting better at breach reporting as it took 51 days to discover the incidents reported in April and 59 days to alert the U.S. Department of Health and Human about those.

Even still, the insider threat persists and, in May, comprised 40 percent of all total breaches. Protenus compiled statistics on 10 of the 15 insider incidents, five of which were the result of wrongdoing affecting 20,335 patient records; it’s worth noting that the five malicious insiders is the total and the aforementioned two bad actors refers specifically to the incidents that lasted more than 3 years.

“The damage associated with these events only grows over time,” Lord added. “This data, and recent OCR actions, suggest that the ‘we don't have the resources to do this now’ strategy of putting off this type of proactive work just isn't going to cut it in an environment where most threats come from insiders.”

Twitter: SullyHIT
Email the writer: tom.sullivan@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn

Topics: 
Privacy & Security

More regional news

HIMSSCast podcast

HIMSSCast: New analytics strategies for patient-centric pop health

By
Mike Miliard
April 19, 2024
Penn Medicine's Perelman Center for Advanced Medicine

Conversational AI improves 'fourth trimester' maternal care at Penn Medicine

By
Bill Siwicki
April 19, 2024
Close-up of doctor lookin at data on a tablet

Doctors are getting on board with genAI, survey shows

By
Andrea Fox
April 19, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Penn Medicine's Perelman Center for Advanced Medicine
Success Stories & ROI
Conversational AI improves 'fourth trimester' maternal care at Penn Medicine

Most Read

Ukrainian man pleads guilty to 2020 UVM cyberattack
DOJ, international partners seize LockBit servers, provide decryptors
Change Healthcare experiencing a cyberattack
25m Health taps Clearwater for scalable cyber compliance program
Contributed: ​​Blockchain in healthcare and enhancing security and transparency
Change Healthcare cyberattack still impacting pharmacies, as H-ISAC issues alert

Research

White Papers

More Whitepapers

Compliance & Legal
Artificial Intelligence
Analytics

Webinars

More Webinars

Artificial Intelligence
Analytics
Analytics

Video

Dr. Donald Warne at the Center for Indigenous Health at Johns Hopkins_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
Indigenous communities need to be engaged with healthcare choices
Naomi Escoffery at the Defense Health Agency_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
DoD health systems take a proactive approach to digitization
Dr. Emily C. Webber at Indiana University Health_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
How text messaging can help improve health equity
Tony Black at Kyndryl_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
Hospitals must start business continuity planning

More Stories

Wagner Amaral, growth markets health industry lead at Avanade
Enhance collaboration and productivity while securing digital assets
Marina El Khawand at Medonations_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
From scout service to crowdsourcing relief
motherboard with lock in blue light representing cybersecurity
Healthcare still underprepared for scope of cyber threats, says Kroll report
Andy Chu of Providence on tech spinoff
Tech spinoff enables Providence to go from building three new app features a year to 40
Close-up on handshake of two people in suits.
Salesforce may be in talks to buy Informatica
Fragmented data is a barrier to improved cancer treatment goals
Consolidated radiology and pathology data brings precision to cancer care
Patricia MacTaggart at George Washington University_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
AI policy can benefit from past technology rollout lessons
Two information workers with abstract of data
10 tips to avoid planting AI time bombs in your organization