We've examined 2020 HHS breach data for combined large and small incidents to gain insight on trends and provide recommendations for most effectively protecting patient privacy. Our most notable finding may come as a surprise.
HHS recently reported to Congress on healthcare’s 2020 patient data breach information for both large and small incidents (affecting more than 500 patient records vs. fewer than 500). Combined, the number of breaches rose 6% year over year, the largest annual increase since 2015, while associated monetary penalties skyrocketed from $7 million to $13 million in the twelve-month period.
The data from this report was combined with data previously aggregated from a Freedom of Information Act request submitted by Protenus to understand the overall trends that occurred during the onset of the pandemic. The combined dataset shows that unauthorized access to patient records, mostly in the provider setting, accounted for an astounding 93 percent of all breaches in 2020. While external threats like hacking impacted the highest volume of patients, health systems have been inundated with investigations of unauthorized access that stem from their own insiders.
HHS routinely shares publicly available data only for breaches that affect more than 500 patients. This view is helpful for understanding the most significant threats to patients. However, looking only at breaches that affect large patient volumes is not helpful for health systems that are trying to understand the full spectrum of risk to their organization. Healthcare organizations are responsible for protecting patient privacy from breaches of any size. It’s key to understand the entire threat spectrum, from the small number of high-impact events caused by incidents like hacking to the vast number of lower-impact but alarmingly frequent incidents most commonly attributed to insider unauthorized access. To best allocate resources already stretched thin, healthcare organizations must identify where their risks live; for that, they require the full story.