90 Percent of Industries Have Suffered Breaches of PHI

According to Verizon Enterprise Solutions' inaugural Protected Health Information (PHI) Data Breach Report, fully 90 percent of industries have experienced a data breach that exposed PHI.

The report, which will be released in full next month, is based on an analysis of 1,931 breaches in 25 countries involving more than 392 million records. Of 20 sectors studied, only the utilities and management industries had no reported PHI breaches.

"Protected health information is like gold for today's cybercriminal," report lead author Suzanne Widup said in a statement. "What makes our findings even more troubling is that many sectors -- especially those outside of the healthcare industry -- aren't even aware that they hold this type of data. The ramifications of stolen medical information can have significant consequences for the safety and well-being of the patient."

Breaches like these happen on a regular basis. Last month, Children's Medical Clinics of Texas began notifying almost 16,000 patients that their PHI may have been accessed when a former employee stole patient records from the facility. The records held patients' names, birthdates, diagnoses and treatments (h/t HIPAA Journal).

"Thereafter, logs revealed the employee also improperly accessed patient health information by logging into patient records and providing a screenshot of patient records to an identified third party," the organization wrote in a notification letter [PDF] to those affected. "This third party, who was a disgruntled ex-employee, appears to have a retaliatory agenda against the clinic."

And University of Cincinnati (UC) Health recently began notifying 1,064 patients that their personal information may have been exposed when nine emails containing PHI that were supposed to be sent internally within UC Health were sent to an external email address instead (h/t HealthITSecurity).

The information potentially exposed includes patient names, birthdates, medical record numbers, dates of service, physician names, and diagnoses.

"UC Health blocked any further UC Health-originated emails from going to the unauthorized domain, and is working with a forensic investigative firm to assist with the ongoing investigation," the organization said in a statement.

A recent survey of healthcare executives found that 81 percent of healthcare organizations have been compromised by malware, botnets or cyber attacks at least once in the past two years.