Hacks Causing Most Big Health Data Breaches So Far in 2022
Only One Other Type of Breach Has Been Posted to the Federal Tally This Year
Keith Fricke, principal consultant at privacy and security consultancy tw-Security, says it is a challenge for many covered entities and business associates to monitor the “surface area” of their organizations, especially if they are focused on preventing and detecting hacking incidents.
For instance, insider incidents have been more prevalent during COVID-19 due to snooping in patient records of co-workers, neighbors and others, he says. “It is difficult for organizations to monitor so many moving parts while it only takes one successful attack to gain unauthorized access to systems or information.”
“Besides snooping activity falling through the cracks, loss or theft of a personally owned device, especially smartphones with access to company email, can also be missed – or at least delays in detection. IT may not become aware of a missing personal smartphone until the employee contacts IT, requesting reestablishing access to the corporate email system.”
Tom Walsh, president of tw-Security, suggests that to help detect hacking incidents and other breaches compromising PHI, entities should perform a periodic dark web scan for the organization's domain name and/or its public IP addresses.
Those scans can show whether cybercriminals have posted any information about the organization, or data that may have been obtained through an attack or data exfiltration, he says.
Walsh also says organizations should consider retaining at least one year’s worth of key log data.
Fricke says breaches due to hacking will continue, especially incidents involving servers, which tend to store large amounts of sensitive information.
Of the 50 IT/hacking incidents posted on the HHS tally so far in 2022, 35 breaches – or 70% – were reported as involving servers as the “location” of the breach. The others were reported as involving email as the “location” of the breach.