The majority of the email incidents involved the theft of employee credentials in phishing attacks. 21 breaches involved protected health information stored in email accounts. The vast majority of incidents involved the hacking of network servers however, email accounts continue to be compromised at high rates. The mean breach size was 4,052 records and the median breach size was 1,038 records. There were two theft incidents reported involving a total of 2,275 records and one improper disposal incident involving 122,340 electronic health records. 52,676 healthcare records were impermissibly viewed or disclosed to unauthorized individuals across those incidents. There were 13 reported unauthorized access/disclosure incidents, which include misdirected emails, mailing errors, and snooping by healthcare employees. The mean breach size was 103,718 records and the median breach size was 4,185 records. That’s 96.82% of all records breached in July. There were 52 reported hacking/IT incidents in which the protected health information of 5,393,331 individuals was potentially compromised. Hacking/IT incidents, of which ransomware accounts for a many, dominate the month’s breach reports. Mechanisms therefore need to be implemented to reduce the harm that can be caused. The National Institute of Standards and Technology (NIST) has also updated its cybersecurity guidance on building resilient computer networks, with the emphasis now shifting away from perimeter defenses to assuming attackers have already gained access to the network. To help combat this rise in double extortion ransomware attacks, new guidance has been released by the Cybersecurity and Infrastructure Security Agency. Victims are required to pay to prevent the publication or sale of the stolen data as well as a payment to obtain the keys to decrypt files. The majority of ransomware gangs (and their RaaS affiliates) are now exfiltrating sensitive data prior to using ransomware to encrypt files. Those attacks can easily result in the theft of large amounts of healthcare data. Improper disposal of electronic medical recordsĬauses of July 2021 Healthcare Data BreachesĪs the table above shows, ransomware continues to be extensively used in cyberattacks on healthcare organizations and their business associates. Professional Business Systems, Inc., d/b/a Practicefirst Medical Management Solutions/PBS Medcode Corp Ransomware was used in the attack and the healthcare data of 1.2 million individuals was potentially exfiltrated. ![]() The second largest data breach was reported by Practicefirst, a New York business associate of multiple HIPAA-covered entities. Hackers gained access to parts of its network that contained the protected health information of 2.4 million individuals. The exact nature of the attack was not disclosed so it is unclear if ransomware was used. The largest healthcare data breach to be reported in July was a hacking/IT incident reported by the Wisconsin healthcare provider Forefront Dermatology. Two healthcare data breaches stand out due to the sheer number of healthcare records that were exposed – and potentially stolen. That’s an average of 58.8 data breaches and around 3.70 million records per month! Largest Healthcare Data Breaches in July 2021 Over the past 12 months, from the start of August 2020 to the end of July 2021, there have been 706 reported healthcare data breaches of 500 or more records and the healthcare data of 44,369,781 individuals has been exposed or compromised. The number of breaches was slightly lower than June, but the number of records exposed or compromised in those breaches jumped sharply, increasing by 331.5% month-over-month to 5,570,662 records. ![]() In July, there were 70 reported data breaches of 500 or more records, making it the fifth consecutive month where data breaches have been reported at a rate of 2 or more per day. High numbers of healthcare data breaches continued to be reported by HIPAA-covered entities and their business associates.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |