Privacy & Security

Healthcare still struggling to detect insider threats, even years after breaches

Nearly 500,000 patient records were reported breached in September, according to the latest Protenus Breach Barometer.
By Jessica Davis
October 19, 2017
12:50 PM

September was riddled with another long list of organizations dealing with breaches caused by insiders, and some organizations failed to discover some of these for years, Protenus’ September Breach Barometer found.

Insider-wrongdoing impacted nearly three times as many patient records as insider error in Sept. Fifteen incidents were caused by insiders, impacting at least 73,926 records. Protenus found 46,887 records were breached by wrongdoing.

What’s notable about the insider breaches is the amount of time it took an organization to discover an incident. One of insider breach took the organization nearly six years to discover.

“The longevity of this type of breach reinforces the need to have technology in place that can proactively detect a health data breach,” the report authors wrote. “It’s paramount for healthcare organizations to become more proactive and efficient at detecting these insider breaches.”

“Healthcare organizations must learn from one another and utilize necessary resources to better combat this problem that is continuously plaguing the industry,” the authors continued.

Overall, breach reporting was up from Aug., with 46 incidents in Sept. compared to 33 reported to the U.S. Department of Health and Human Services in Aug. Almost 500,000 patient records were affected in Sept., with the largest single incident affecting 128,000 patient records breached by ransomware.

Hacking caused 50 percent of Sept. incidents and accounted for 80 percent of all breached patient records.

Of the 19 hacking incidents for which Protenus had data, 401,741 patient records were breached. One incident specifically mentioned ransomware, seven were caused by phishing and eight mentioned extortion attempts -- for which the notorious hacker TheDarkOverLord (TDO) claimed responsibility.

The number of patient record impacted by TDO’s hacks is unknown, as there is currently no data on three of the extortion attempts. But DataBreaches.net reports that extortion is increasing in every sector and “healthcare sector and education sector are prime targets for extortionists due to the sensitivity of the data and the lack of security when compared to other sectors.”

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Topics: 
Privacy & Security, Workforce

More regional news

A nurse attending to a patient in the San's Poon Day Infusion Centre

Managing a safe transition to new treatment guidelines

By
Adam Ang
April 22, 2024
Healthcare data exchange

ONC pubs Common Agreement v2.0, with regs for FHIR exchange

By
Mike Miliard
April 22, 2024
Female nurse in grey scrubs on rests on a couch with her head back

Take these steps to reduce unproductive charting for nurses, says KLAS

By
Andrea Fox
April 22, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Prevounce Founder Daniel Tashnek on RPM coding
Remote patient monitoring
New codes from the AMA could mean more RPM reimbursement by 2025

Most Read

25m Health taps Clearwater for scalable cyber compliance program
Children's Nebraska boosts provider experience with workforce management tools
Contributed: ​​Blockchain in healthcare and enhancing security and transparency
Mercyhealth's revenue cycle benefitted from putting staffers in the right roles
Generative AI to bring 'transformative change,' says Froedtert/Inception Health CTO
Change Healthcare cyberattack still impacting pharmacies, as H-ISAC issues alert

Research

White Papers

More Whitepapers

Compliance & Legal
Artificial Intelligence
Analytics

Webinars

More Webinars

Artificial Intelligence
Analytics
Analytics

Video

Dr. Monika Sonu at Healthinnovation Toolbox_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
How to build digital health tools with the clinician in mind
MaryAnn Connor at Memorial Sloan Kettering Cancer Center_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
Care problems become technology systems via nurse informaticists
Dr. Donald Warne at the Center for Indigenous Health at Johns Hopkins_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
Indigenous communities need to be engaged with healthcare choices
Naomi Escoffery at the Defense Health Agency_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
DoD health systems take a proactive approach to digitization

More Stories

Penn Medicine's Perelman Center for Advanced Medicine
Conversational AI improves 'fourth trimester' maternal care at Penn Medicine
Close-up of doctor lookin at data on a tablet
Doctors are getting on board with genAI, survey shows
Naomi Escoffery at the Defense Health Agency_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
DoD health systems take a proactive approach to digitization
Dr. Emily C. Webber at Indiana University Health_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
How text messaging can help improve health equity
Person with gray hair and glasses surfs looking at a tablet
Sharing hospital website user data with 3rd parties is common, study shows
Digital grid overlaid on cityscape
AHA concerned over penalties for cybersecurity standards
Sentara Health's Kelsey Jones, RN, on nursing technology
Sentara Health team creates nursing tool to more evenly distribute workload, fight burnout
King Abdulaziz Medical City
In Saudi Arabia, machine learning model helps reduce outpatient no-shows