Analysis: Health Data Breach Tally Trends
Hacks, Unauthorized Access/Disclosure and Theft Incidents Top the List
The addition to the federal tally in recent weeks of about three dozen major health data breaches, including many hacking and unauthorized access/disclosure incidents, pushed the total number of breach victims so far this year to almost 2.9 million.
Susan Lucci, a senior privacy and security consultant at tw-Security, suspects that some entities are also finally getting better at safeguarding their systems and data from massive attacks.
“Larger organizations have recognized the importance of investing in better security measures and taking necessary steps to protect health data from intrusion,” she notes. “The lessons from the big 2015 breaches were taken seriously. These types of additional security measures are an important investment.
“You cannot protect what you don’t evaluate for risks, and this is why the comprehensive security risk analysis is so critical to all organizations.”
A number of factors contribute to the ongoing breach problem involving unencrypted devices, Lucci says.
“One is that perhaps organizations do not know how much – if any – protected health information is on their unencrypted laptops,” she says. “Perhaps [the devices] are leaving the facility without specific permission.
“It is absolutely worth the time and investment to become more aware of these issues and simply invest in encryption of these mobile devices.”
The HHS Office for Civil Rights has long been emphasizing the importance of encrypting mobile devices. The agency has had a number of HIPAA enforcement actions with multimillion-dollar fines following investigations of breaches involving unencrypted devices.