Please support Telehealth.org’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker.
It seems as though each month, healthcare hacking incidents increase, and March was no different. The Department of Health and Human Services Office for Civil Rights publicly reports breaches affecting 500 or more patients to their online breach portal. In March, there were 43 hacking incidents reported, affecting 2,867,472 patients. Details on March reported healthcare hacks, behavioral health hacks. Also discussed are things you can do to prevent evil-doers from hacking healthcare on your watch.
March 2021 Healthcare Hacks
Most months, the major cause behind reported breaches is hacking incidents. Although there were other causes behind March’s breaches, such as unauthorized access or disclosure of protected health information, healthcare hacks made up 98% of the breaches reported in March 2021. There are different ways that hackers can infiltrate an organization to steal or corrupt sensitive data. These include network server, email, and electronic medical records hacks. The most common access point reported in March healthcare hacks was network server access, with 81.57% due to these attacks. Email hacking incidents followed up 18.01%, while 0.42% of incidents were through electronic medical record access.
Behavioral Health Hacks
A significant number of behavioral health patients were affected by healthcare hacks, with 791,124 patients’ PHI compromised in March. This made up 27.59% of the total patients affected by March’s hacking incidents.
Behavioral health hacking incidents included:
- Health Net Community Solutions: 686,556 affected patients
- California Health & Wellness: 80,138 affected patients
- Haven Behavioral Healthcare: 21,714 affected patients
- Child Focus, Inc.: 2,716 affected patients
Protecting Against Evil-Doers Hacking Healthcare on Your Watch
Healthcare organizations that are HIPAA compliant are less likely to fall victim to hacks for a few reasons.
- HIPAA Training. A major reason behind healthcare hacks is human error. Lack of awareness of HIPAA requirements, and cybersecurity best practices, can lead employees to cause incidental breaches. This is why HIPAA training is so important.
- Policies and Procedures. Policies and procedures create guidelines for proper uses and disclosures of PHI, secure PHI, and report a breach of PHI. Without adequate policies and procedures, healthcare hacks can easily escalate to an unmanageable level.
- Increased Security. As the HIPAA Security Rule requires organizations to ensure the confidentiality, integrity, and availability of PHI, HIPAA compliant organizations are inherently more secure.
Need assistance with HIPAA compliance? Compliancy Group can help! They help you achieve HIPAA compliance, with Compliance Coaches® guiding you through the entire process. Find out more about the HIPAA Seal of Compliance® and Compliancy Group. Get HIPAA compliant today!
HIPAA Compliant Cybersecurity for Professionals
Must-know information about how to protect your telehealth practice from a ransomware attack. Operate w/ EYES WIDE OPEN.