Hackermania meets The Dark Overlord with 2.3 million 2017 health data breaches

It’s a cage match! Reports are soaring, with a proliferation of data breaches year to date, after a relatively quiet period in 2016.

The Dark Overlord (TDO), in the mainstream news for dumping unseen Netflix program episodes on illegal file-sharing sites and demanding ransom (Guardian), has also been hard at work dumping PHI hacked from various clinics. DataBreaches.net tallied it at 180,000 records from at least nine medical clinics.

Health data security developer/provider Protenus, whose Breach Barometer tracks the numbers, counted 2.1 million breaches in the 1st Quarter. March spiked with 700,000 coming from Commonwealth Health Corporation of Kentucky.

Our standby Privacy Rights Clearinghouse counted over 175,000 to date, but 160,000 came from MedCenter Health in Protenus’ total, so their net addition was 15,000. But PRC’s detail illustrates that ransomware is alive, well, and invading smaller healthcare organizations. Other reasons are unauthorized data server access, third-party vendors, email error, and theft.

16 or 27 million 2016 breaches, 1 in 4 Americans? Data, IoT insecurity runs wild (US/UK)

What’s better than a chilly early spring dive into the North Sea of Health Data Insecurity?

Accenture’s report released in February calculated that 26 percent of Americans had experienced a health care-related data breach. 50 percent of those were victims of medical identity theft and had to pay out an average of $2,500 in additional cost. One-third (36 percent) believed the breach took place in hospitals, followed by urgent care and pharmacies (both 22 percent). How did they find out? Credit card and insurer statements were usual, with only one-third being notified by their provider. Interestingly, a scant 12 percent of data breach victims reported the breach to the organization holding their data. (You’d think they’d be screaming?) The samples were taken between November 2016 and January 2017. Accenture has similar surveys for UK, Australia, Singapore, Brazil, Norway, and Saudi Arabia. Release, PDF of the US Digital Trust Report

So what’s 16 million breaches between friends? Or 4 million? Or 27 million?

  • That is the number (well, 15.9 million and change) of healthcare/medical records breached in 2016 in 376 breaches reported by the Identity Theft Resource Center (ITRC), a Federally/privately supported non-profit. Healthcare, no surprise, is far in the lead with 34 percent and 44 percent respectively. The 272 pages of the 2016 End of Year Report will take more than a casual read, but much of its data is outside of healthcare.
  • For a cross-reference, we look to the non-profit Privacy Rights Clearinghouse which for many years has been a go-to resource for researchers. PRC’s 2016 numbers are lower, substantially so in the number of records: 301 breaches and 4 million records.
  • HIMSS and Healthcare IT News insist that ransomware is under-reported, (more…)

Short-shorts for an autumn Friday

As we in the US get our first, much too early blast of Polar Vortex this season with New York area temperatures dipping into the 30s F with a snow alert tonight, we should reminisce about what seems only a few weeks ago when the keyword was ‘short’….

Coming up short in the data breach this past Monday was Anthem Blue Cross of California with their TMI emailer–containing in the subject line specific targeting/sorting patient information that direct marketers love, but don’t want you to know they see, such as “Don’t miss out — call your doctor today; PlanState: CA; Segment: Individual; Age: Female Older; Language: EN; CervCancer3yr: N; CervCancer5yr: Y; Mammogram: N; Colonoscopy: N”. Ooops!…Another day, not quite another breakthrough for Mount Sinai Hospital here in NY, which had your typical laptop theft compromising over 10,000 records but fortunately not SSI or insurance information….More alarming were the malware/hacker attacks. In North Carolina, Central Dermatology of Chapel Hill was compromised by malware in a key server. And further south, Jessie Trice Community Health Center of Miami, Florida was hacked by a criminal identity theft operation accessing personal data of almost 8,000  patients.  iHealthBeat, also Privacy Rights Clearinghouse, NY Times (Anthem)

A short opinion piece in HealthWorks Collective promisingly leads with:

What if we paid for patient recovery rather than just patient services? What if we paid to treat patients rather than just conditions? What if we paid to personalize care rather than just population health quality measures?

The drip of data breaches now a flood: 4.5 million records hacked–update

Breaking News–updated at end. Earlier this year [TTA 23 Apr] this Editor commented on the fourth annual update from the Ponemon Institute plus a qualitative study from IS Solutions that contained mostly unwelcome news for healthcare IT departments in the US. Ponemon’s new estimate of data breaches’ cost per year: $5.6 billion. While making some progress in the existential threat that data breaches present to institutional and personal security, both reports also outlined the disconnect between HIT professionals busy dealing with and sealing off the mice of internal causes versus the looming, huge menace of the external criminal threat. We now know that Godzilla has arrived and he’s stomping ‘n’ chomping. Community Health Systems of Franklin, Tennessee claimed today as part of a SEC regulatory filing that hackers originating in China breached sensitive information in 4.5 million patient records accumulated over five years during April and June using cyberattacks and sophisticated malware.

The exploding black market in healthcare data

When medical records’ black market value is estimated at an average of $50 per record–94 percent of health care organizations have had at least one breach in the past two years–and 2 million Americans were medical identity theft victims in 2011–it’s one unpleasant ‘pointer to the future.’

Data firm ID Experts studied a decade of data breaches and notes that medical data has become very attractive to professional hackers and cyber thieves. ID Experts’ full infographic.

  • First, there is so much of it with the increasing electronification of health data.
  • Second, so much of it resides on insecure or unsecured networks: smartphone, tablet, laptop.
  • Third, organizations and individuals still are only semi-conscious of fraud reality, are negligent and sloppy when it comes to securing devices, and over-rely on the cloud without tight enterprise security. The new and underfunded health insurance ‘exchanges’ are particularly vulnerable as they, as well as other healthcare organizations, can over-rely on technology to protect data–which clever hackers can work around. Moreover, they can extract and sit on data till the trail goes cold. (Scroll down infographic to find out more). Also Ponemon Institute’s recent report in Healthcare Technology Online.

ID Experts’ study conclusions are reinforced by the California State Attorney General’s report that 55 percent of breaches “were intentional intrusions by outsiders or by unauthorized insiders” and that healthcare breaches were the third largest in reported incidents. A counter-measure may be the Medical ID Fraud Alliance, a collaboration in progress that is planned to include the Federal Trade Commission, the Secret Service and the Veterans Administration. More in Amednews.com (published by the American Medical Association)

Healthcare breaches due to criminal activity and plain error are becoming more common as well. All one has to do is bop over to Privacy Rights Clearinghouse, click on ‘MED’ for healthcare and 2013 and check the frequency to date (113) of breaches both tiny and huge. (By comparison, full year 2012 totaled 224.) Our TTA ‘Into The Breach’ Awards go to:   (more…)