Breaches of USA Medical Health Information

The U.S. Department of Health and Human Services Office for Civil Rights lists USA medical health information breaches affecting 500 or more individuals that occurred within the last 2 years and that are still under investigation.

The USA medical breach data for the last 2 years is displayed as a sortable list and can be downloaded as a Spread Sheet or CSV file  for further analysis.  At the time of writing there are 354 entries from 500 individuals affected up to 10,000,000 although with the latter being such a nice round number some rounding was probably involved.  The average number of individuals per case approaches 79,000.

The nature of private health care within the USA means that medical records could be accessed by many gateways.  For example a health care provider administering the care and the insurer (health plan) taking responsibilities for the costs.  With a national health service these would be the same body and hopefully share common security protocols.  The data indicates that the majority of breaches are, however, within the  provider rather than the insurer.

  • Healthcare provider: 283
  • Health plan: 51
  • Business associate: 19
  • Unknown: 1

Relying on a private health care system also requires financial as well as medical records to be kept.  These should be kept separate but medical identity theft may offer enough clues to access financial data.  This added incentive plus the wider range of services makes the USA medical information systems an attractive target for hackers.  Data security protection and exploitation will follow the same guidelines the world over so the causes of breaches would be of interest to anyone holding medical information. Looking at the numbers below hacking is the most common cause of breaches but accounts for a little under half the cases:

  • Hacking: 149
  • Unauthorised access: 126
  • Theft: 62
  • Loss: 9
  • Improper disposal: 8

The cases of theft refer to physical theft of a device that contains the data rather than virtual theft of data from a server or workstation.  9 of the cases of theft were from paper or film records and 10 from portable electronic devices.  The remaining thefts are either labelled ‘other’ or linked to theft of a computer or laptop.

Hacking is the hardest data breach to completely prevent.  Whatever methods are in place someone will be working on overcoming them, requiring a constant review of security procedures.  Kindus are in a position to offer confidential, bespoke advice on reducing the risk from hackers.  Instances of unauthorised access, theft or loss of physical data stores will be minimised by setting up good practice together with staff training to ensure that standards are maintained.  Identity theft, disgruntled or poorly informed employees are causes of leaked account details that will allow a criminal access to data by-passing any security measures that are in place as the system assumes that they are a valid user.  Kindus provide security audits and staff training to ensure that details of key accounts are not leaked.

Devices can be physically secured to reduce the risk of theft.  With network and cloud based storage there is less need to keep records on physical devices than in the past.  Where it is still required access to those devices should be restricted with strong encryption that prevents the data itself from being accessed by an unauthorised user or from unauthorised locations.

More from Pharmaceutical & Security

13/05/2024

eCommerce Shop Scams

Data from Security Research Labs has revealed a China based fake shopping network that they have named ‘BogusBazaar.’  They claim that: ‘As of April …

Read post

08/05/2024

Lockbit Ransomware Takedown

In February 2024 the UK National Crime Agency released details of how the NCA and other international policing agencies had disrupted the actions of …

Read post

23/04/2024

UK Cyber security breaches survey 2024

Lies, damned lies, and statistics (attributed to Disraeli) The UK Cyber Security Breaches Survey 2024 was published on 9th April 2024.  Not surprisingly it …

Read post

25/03/2024

Digital Gift Card Issues

Both Apple and Google offer gift card services for use on their App stores.  Just as it states on the tin the card can …

Read post

Sign Up

Sign up to our newsletter list here.

    Successful sign up

    Thank you for signing up to our newsletter list.

    Check your inbox for all the latest information from Kindus

    Categories