Health Data Breach Tally: What’s New
Hacks, Thefts and Business Associate Breaches Among the Incidents Added
“…What is worth mentioning is that … the largest two breaches [reported in 2019] involve business associates,” notes privacy and security consultant Susan Lucci of tw-Security, referring to the incidents reported by All-Star Orthopaedic and BenefitMall.
HHS data in 2017 and 2018 indicates that business associates were implicated in about 25 percent of major reported health data breaches, she notes. “Business associates really need to step up their security defenses to protect protected health information and personally identifiable information to guard against the evolving efforts of cybercriminals to exploit confidential information,” she says.
So what should covered entities and business associates be doing to address these growing concerns?
“Create or review and update your security risk analysis,” Lucci advises. “This needs to be done every year without fail. Take a serious review of policies, procedures and workforce training. If these haven’t been updated in the last two years, the information has grown stale, it’s not keeping up with real security threats, and your workforce, where most security incidents begin, likely aren’t engaged in the training…”