Nearly 1.13 million patient records were breached between January and March 2018, according to a report presented by the Protenus Breach Barometer this week at the annual PANDUS Conference in Baltimore.
Drawing on information from the AI-powered Protenus platform, researchers found that 110 breaches were disclosed during the quarter, an average of at least one per day, with many committed by healthcare employees.
“Healthcare organizations have been doing their best to utilize existing tools to detect threats to patient data, but due to limited resources and the use of primitive legacy technology, only a small amount of breaches are actually detected,” Robert Lord, co-founder and president of Protenus, told HCB News. “On any given day, there are millions of accesses to patient data within a single hospital's EHR. Healthcare organizations simply don't have the resources to review all those accesses.”
More than 77 percent of privacy violations were perpetrated by healthcare employees seeking to view records of family members, followed by those of co-workers, neighbors and VIPs.
The single largest breach took place at a healthcare organization in Oklahoma, initiated by an unauthorized third party that gained access to the health system’s network, where billing information for 279,856 patients was stored.
The report also recorded repeat statistics, finding that those who breached patient data once were more than 20 percent likely to do so again in three months’ time and more than 54 percent likely in a year’s time.
The results highlight the lack of proper detection, education and reporting protocols at healthcare organizations, along with the need for more proactive monitoring of all forms of access to patient data.
Lord says the advent of AI for alerting hospitals has helped minimize impact, and that with additional steps, healthcare organizations can further mitigate damage and risks of being breached.
"Technology now exists that uses artificial intelligence to alert hospitals when there is a potential breach," he said. "When healthcare organizations make the transition from a reactive security posture to one that is proactive, it allows them to respond immediately and mitigate a breach's impact to the organization and its patients. This is a critical step in getting ahead of the data breaches that are continuing to plague the healthcare industry."
More than 5.5 million patient records were breached in 2017, according to another report by Protenus. The number of records breached in 2016 was five times greater, however, totaling 27,314,647. This was largely due to numerous large-scale hacking incidents that occurred in the latter part of that year.