Between 2018 and 2019, the Identity Theft Resource Center (ITRC) reports that data breaches increased by 17 percent, with healthcare listed as a top industry impacted by these events. According to researchers, “hacking” is responsible for the highest percentage of data breaches, while “unauthorized access” is the second most common breach method.
ITRC Board Chair Matt Cullina says the statistics reinforce the need for healthcare organizations to “be vigilant in protecting data and systems, ensuring they have current protections in place, because even non-sensitive data exposure can lead to more serious issues.”
In order to reduce the likelihood of an adverse event, the study encourages healthcare systems to “share more information about the root cause of a breach and the number of people/accounts/records impacted by the event.” This knowledge, they say, can help information security teams to “adequately prepare for or defend against similar attacks.”
ITRC notes that 2019 did see a 65 percent decrease from 2018 in sensitive records exposed.
Click here to access the full ITRC report.
MLMIC offers a number of resources that can help policyholders mitigate risk of a data breach:
- Your Data Security Protocol Must Protect ePHI on Portable Devices Even in the Event of Theft, a blog post on developing a proactive approach to data security;
- New Cybersecurity Protocol for New York State Healthcare Organizations, a blog post on New York State cybersecurity protocols for safeguarding private information;
- Resolving Health IT-Related Patient Safety Events, a blog post with guidance for improving patient safety through proper reporting of adverse Healthcare Information Technology events;
- Are Your Patients’ EHRs Vulnerable to Hacking and Ransom Demands?, a blog post on the importance for all health care providers to be proactive and diligent when it comes to security measures for electronic data; and
- Security of Patient Information and Health Information Technology, a risk management tip for maintaining the security of computers and other electronic devices in medical offices and hospitals.