October 2017 Healthcare Data Breaches


Healthcare data breaches by month (July-October 2017)




2017 has been a busy year for HIPAA and security analysts as the year ends with a large number of data breaches. October has been reported to have 27 data breaches which resulted in about 71,377 thefts or exposures. October is reported to have the least amount of breaches, the highest being September.

Main targets have been the healthcare providers where in October, 19 breaches were reported.There were six data breaches reported by health plans and at least two incidents involved business associates of HIPAA-covered entities.

October 2017 healthcare data breaches by covered entity type
Main causes of these incidents in October were the result of unauthorized access. 14 breaches were reported to be unauthorized access, 8 hacking incidents and 4 theft cases, and 1 non-encrypted hardware loss.
healthcare records breached July-October 2017
Breaches in October were reported between 22 states, highest reported state is Florida with 3 breaches. Other states included in the breaches are: Alabama, Arizona, California, Connecticut, Georgia, Iowa, Illinois, Kansas, Kentucky, Louisiana, Missouri, North Carolina, Ohio, Rhode Island, Tennessee, Texas, Virginia, and Washington


Breached EntityEntity TypeBreach TypeIndividuals Affected
Chase Brexton Health CareHealthcare ProviderHacking/IT Incident16,562
East Central Kansas Area Agency on AgingBusiness AssociateHacking/IT Incident8,750
Brevard Physician AssociatesHealthcare ProviderTheft7,976
MHC Coalition for Health and WellnessHealthcare ProviderTheft5,806
Catholic Charities of the Diocese of AlbanyHealthcare ProviderHacking/IT Incident4,624
MGA Home Healthcare Colorado, Inc.Healthcare ProviderHacking/IT Incident2,898
Orthopedics NY, LLPHealthcare ProviderUnauthorized Access/Disclosure2,493
Mann-Grandstaff VA Medical CenterHealthcare ProviderTheft1,915
Arch City Dental, LLCHealthcare ProviderUnauthorized Access/Disclosure1,716
John Hancock Life Insurance Company (U.S.A.)Health PlanUnauthorized Access/Disclosure1,715


https://www.hipaajournal.com/october-2017-healthcare-data-breaches/

Comments

Post a Comment

Popular posts from this blog

How Can Healthcare Organizations Prevent Phishing Attacks?

Phishing sites have become a major issue, especially since the number of these sites is growing rapidly. Webroot reported in December 2016 that there are more than 13,000 new phishing sites created every day, nearly 390,000 each each month. By the third quarter of 2017, the number of phishing sites grew by more than 46,000 per day, roughly 1,385,000 per month. On average a phishing site can be up and running anywhere from 4-6 hours before it is blacklisted. To fight this, companies need to create a better way to detect phishing sites. Although 4-6 hours is a short time, these sites can capture thousands of credentials before being shutdown. Not only do these sites show a high success rate, they also contain SSL Certificates; this "ensures" the end user that the site is safe. Phishing sites do user their own domains, however DUO showed that many legitimate sites are being compromised and phishing kits are being loaded onto them. The study identified more than 3,200 unique fis...
Read more

Tips for Reducing Mobile Device Security Risks

Security has always been an issue. Recently personal health records have become a target to hackers. HIPAA compliance is now enforcing to limit these hacks which are mainly targeted through mobile devices. Due to the rise in mobile medical practice such as Apple Watch, Fitbit, and other methods to track ones medical information, these devices are easily hackable. Laptops are another potential because of the access a patient can have to their online medical records. Between January 2015 and October 2017, there have been 71 reported breaches which involved laptops, smartphones, tablets and portable storage. These breaches have exposed nearly 1,303,760 patient information including plan numbers and records.  The table below shows the impacted organizations and the penalty that was handed down for failing to comply with HIPAA. Covered Entity HIPAA Violation Individuals Impacted Penalty Children’s Medical Center of Dallas Theft of unencrypted devices 6,262 $3.2 million Oregon Healt...
Read more