by John R. Fischer, Senior Reporter | February 02, 2018
More than 5,500,000 patient records were breached in 2017 with an insider threat responsible for the single largest one of the year, according to a report released by Protenus Breach Barometer, an artificial intelligence platform that evaluates actions inside medical records.
The breached records totaled 5,579,438. The number of reported health care breaches rose slightly, from 450 in 2016 to 477 in 2017, with both figures representing an average of more than one health data breach per day. Of these, insider threats made up 37 percent.
“This continues to highlight the pressing need for health care to embrace a culture of innovation, moving from a reactive posture in which entities wait for a privacy violation to be brought to their attention, to one that is proactive,” Robert Lord, co-founder and president of Protenus and a co-author of the report, told HCB News. “A proactive posture will allow health care organizations to detect privacy violations as soon as they occur, mitigating the breach and reducing the overall impact to the organization and its patients.”
Records affected by data breaches in 2016 amounted to 27,314,647, five times greater than those affected in 2017, due to numerous large hacking incidents that took place in mid-2016.
On average, an organization in 2017 was found to be unaware of a breach for a total of 308 days, an issue that enables many types of breaches, especially insider threats, to go unnoticed for long periods of time, which can extend even to years.
An example of this is a hospital that was unaware that one of its employees was sifting through information of 1,100 patients over a 14-year period.
The largest of such breaches that took place in 2017 involved an employee of a hospital in Kentucky who inappropriately accessed billing information for 697,800 patients over multiple incidents.
Insider threats are just one of multiple types of breaches that pose harm to patients and providers. For instance, those perpetrated by business associates and third parties amounted to 53 reported incidents in 2017, resulting in 647,198 records inappropriately accessed, according to the report.
Lord says the advent of new technologies, such as AI and machine learning, can greatly assist in combating these threats, but that organizations must also act of their own accord.
“In order to better detect and prevent insider breaches, organizations need to gain full visibility into how their workforce is using their EHR and ancillary systems,” said Lord. “Machine learning and AI provide the technology to allow health care systems to audit and monitor every single access to patient data every single day. It allows health systems to move away from a purely reactive posture to one that is proactive, ultimately allowing them to get ahead of a potential health data security crisis.”
Although it is of interest to providers, the ability to combat cyberattacks is not taken seriously enough in health care. One recent survey released in December 2017 found that 84 percent of health care providers lack reliable leadership for combating cyberattacks such as breaches, and that only 11 percent plan to introduce a cybersecurity officer in 2018.