2017 Health Data Breach Tally: An Analysis
Experts Analyze Whether the Stats Signify Real Progress
Compared to the mega-breaches that hit the healthcare sector in 2015 and 2016, the top 10 breaches reported for 2017 were far smaller. The 10 largest incidents of 2017 reported so far affected a combined total of just 2.6 million individuals. And as of Dec. 21, a total of 335 health data breaches impacting more than 4.9 million individuals had been added to the federal breach tally in 2017. As of Dec. 21, some 2,158 breaches affecting nearly 176.5 million individuals had been posted to that federal tally since it was initiated in September 2009. So what has led to the big drop in mega-breaches in the past year?
“I have a few theories on this,” says Keith Fricke, partner and principal consultant at tw-Security. “Perhaps after the large breaches in 2015, more organizations housing large amounts of protected health information raised the bar on their security posture, thereby reducing opportunities for criminals to exploit vulnerabilities. But it is possible that some yet-to-be-discovered large breaches are out there. Some metrics show that the average time between a hacker’s first unauthorized access and when they are discovered is around 200 days, which is about 6.5 months.”
Entities need to reinforce with their workforces the critical practices to reduce the risk of unintentional insider breaches, Fricke says. “As always, recurring workforce training helps keep security and privacy top of mind, which can reduce the risk of accidental incidents,” he says. “Breaches caused by insiders with intent can be reduced or avoided with improved monitoring and alerting. These days, it is more practical to outsource that monitoring to a third party with resources to watch activity around the clock.”