Corporate TIPS Blog: Record Number of Health Care Data Breaches Recorded by the Office for Civil Rights in July 2019
By Craig S. Horbus & Laura F. Fryan on October 08, 2019
As an industry, health care seems to lag behind other sectors when it comes to information technology (IT). This has not always been beneficial; however, in the case of data breach incidents, any delayed effects are welcome. It appears the time is up.
The Office for Civil Rights (OCR), the agency responsible for enforcing the Health Insurance Portability and Accountability Act (HIPAA), reported the highest number of health care data breaches in July 2019. Fifty breaches affecting more than 500 records occurred, exposing more than 35 million patient records. While a significant portion of these breaches was the result of one major data breach at the American Medical Collection Agency, this increasing trend for the health care industry cannot go unnoticed any longer.
For many health care providers, from solo practitioners to large health systems, HIPAA compliance is ingrained. Safeguarding protected health information (PHI) is part of the day-to-day duties of every health care provider. Perhaps the industry’s familiarity with HIPAA compliance has clouded its ability to see the big picture. The HIPAA Journal reported that the recent uptick in data breaches is the result of the increase in the number of phishing and ransomware attacks.
No practice is too small for, or immune from, sophisticated data hackers whose job it is to troll IP addresses, emails, and networks around the clock looking for a single instance of vulnerability. While it may seem that your email account would be a boring find to any lurking hacker, the truth is that all they need is one insignificant nugget of data. A behind-the-scenes hacker can piece together or sell those seemingly innocent data elements to create a larger scheme, which leads to larger breaches and data compromises.
In one of our recent Corporate Practice Group blogs on preventing data breaches, we list several solutions that are applicable to the health care industry as well. Keep cybersecurity on your radar. If your practice is small or has limited resources to manage this project, contact an IT vendor for outside support — health care providers can no longer rely on the industry’s lag in IT to solve this problem.
Brouse McDowell offers legal services in health care and cybersecurity and data privacy, including pre-breach and cybersecurity planning services with policies and procedures and other compliance services. We have expertise in health care operations and technology. Contact us for more information.