Congratulations to tw-Security—2024 Best in KLAS® Security & Privacy Services!

We're #1! Thank you to all our partners and customers!

Hacks Causing Most Big Health Data Breaches So Far in 2022

Only One Other Type of Breach Has Been Posted to the Federal Tally This Year

Keith Fricke, principal consultant at privacy and security consultancy tw-Security, says it is a challenge for many covered entities and business associates to monitor the “surface area” of their organizations, especially if they are focused on preventing and detecting hacking incidents.

For instance, insider incidents have been more prevalent during COVID-19 due to snooping in patient records of co-workers, neighbors and others, he says. “It is difficult for organizations to monitor so many moving parts while it only takes one successful attack to gain unauthorized access to systems or information.”

“Besides snooping activity falling through the cracks, loss or theft of a personally owned device, especially smartphones with access to company email can also be missed – or at least delays in detection. IT may not become aware of a missing personal smartphone until the employee contacts IT, requesting reestablishing access to the corporate email system.”

Taking Action

Tom Walsh, president of tw-Security, suggests that to help detect hacking incidents and other breaches compromising PHI, entities should perform a periodic dark web scan for the domain name of the organization and/or their public IP addresses.

Those scans can show whether cybercriminals have posted any information about the organization, or data that may have been obtained through an attack or data exfiltration, he says.

Walsh also says organizations should consider retaining at least one year’s worth of key log data.

Future Trends

Fricke says breaches due to hacking will continue, especially incidents involving servers, which tend to store large amounts of sensitive information.

Of the 50 IT/hacking incidents posted on the HHS tally so far in 2022, 35 breaches – or 70% – were reported as involving servers as the “location” of the breach. The others were reported as involving email as the “location” of the breach.


For more information or to schedule a FREE initial consultation – contact tw-Security.
Read More