Mar 25

Insider threat health data breaches doubled in February, Protenus says

The good news? Hacking was down, accounting for only 12 percent of reported incidents during the last month.


By Jessica Davis | March 20, 2017

The number of healthcare security breaches caused by insiders doubled from January to February, according to the latest Protenus Breach Barometer.

While January and February had the same number of total breaches, 31 apiece, February saw a 47 percent drop in affected patient records. There were 206,151 in February as opposed to the 388,307 reported in January. Officials said the largest single breach involved 100,000 patient records and stemmed from insider error.

Protenus, working with, calculated its totals from Health and Human Services data, media and other source reports. Details were available for 26 incidents.

Hacking was down to 12 percent of the incidents, while 58 percent or 9 of February’s breaches were due to insider wrongdoing. In fact, 146,162 patient records were exposed by insiders in January, in comparison to 44,144 last month.

Third-party breaches accounted for only 21 percent of exposed patient records.

Timeliness is another notable fact of this month’s Breach Barometer. It took two organizations more than five years to discover that a breach had occurred. Further, it was an average of 478 days from the time of breach until the Department of Health and Human Services was notified — far worse than the January average of 174 days.

While ransomware attacks hit a stride in 2016, it’s important to note that many of those events weren’t reported as breaches. In fact, only 9 malware or ransomware attacks were reported to HHS last year.

HHS requires all organizations to report breaches within 60 days of the initial discovery, a rule Metropolitan Urology Group took seriously: it used that exact amount of time to notify HHS, the media and the 18,000 affected patients on March 10.
