HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

2014 Likely to See Surge in HIPAA Data Breaches

A new report released by the Experian credit bureau predicts that 2014 is likely to be a major year for data breaches, with a surge in numbers expected over the course of the year. The report also predicts the healthcare industry will be hit hard.

The report says that the reason healthcare is so susceptible to attack is the sheer size of the industry. There is what the report calls an “expanded attack surface for breaches,” due to new EHRs and Health Insurance Exchanges (HIEs), while the value and volume of data held makes healthcare providers attractive targets for cyber criminals.

Experian offers credit monitoring services, but also helps customers recover from data breaches. The company indicated that 46% of data breaches that it dealt with last year were from the healthcare industry.

The report cites a number of reasons why data breaches are expected to rise. It indicates the main cause is the huge organizational infrastructure changes required under the Affordable Care Act, HIPAA, HITECH and other legislation, together with general unpreparedness, the huge number of people who have access to data, and a general tightening of the rules governing data access.

However, many data breaches are being caused by carelessness. Doctors now have to become more and more involved in the document management process, and they are not ideally equipped for that or prepared to take on the responsibility. Unfortunately, laptop computer theft and the loss of other devices are proving to be a major problem.

It is the low-tech data breaches which really must be targeted, although many organizations are concerned with preventing highly sophisticated attacks using malware, viruses and complex phishing campaigns.

How Complex Security Defenses are Undone by Employees

The purchase of a firewall is essential, but some individuals then fail to turn it on. Anti-virus software is installed, yet not set to update automatically. Anti-malware software is not activated and rooms containing IT equipment such as network servers are left unlocked. These are issues which must be immediately addressed to prevent data breaches.

The report showed that out of the 2,200 breaches, three in the top ten were caused by human error and sloppy security practices. Default logins and passwords not being changed or disclosures of passwords can, and do, lead to data breaches.

The report placed the value of healthcare data at approximately $12 a record, but some data is more valuable and if healthcare data is included, records can sell for more than $50 – the reason being healthcare data allows criminals to commit insurance and medical fraud.

Due to the high risk of suffering a data breach, it is essential that organizations get prepared and have a breach response plan in place. It is highly probable that it will need to be put into action.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.