Human Error Main Cause of Data Breaches Says Baker Hostetler Report
The Ponemon institute released a study this week indicating that criminal activity was the main cause of HIPAA breaches, with OCR breach report data suggesting the same; however, according to a data security report produced by law firm BakerHostetler, human error is most often to blame. The legal firm analyzed data from more than 200 incidents that the firm advised on in 2014, with the clients coming from education, retail, insurance, technology, entertainment, hospitality, the financial services and the healthcare industry, with the latter accounting for the majority of data breaches dealt with by the firm. Over a third (36%) of the firm’s clients that had experienced a data security incident during 2014 attributed it to employee negligence. Data theft by outsiders caused 22% of security incidents with theft by insiders joint third with malware, both being implicated in 16% of incidents. Phishing attacks caused 14% of data breaches. Healthcare Industry Hardest Hit The high proportion of healthcare data breaches included in the report is partially due to the requirement to report...
HIPAA Compliance Audits: OCR Transmits Pre-Screening Surveys
According to a recent article in Lexology, the Department of Health and Human Services’ Office for Civil Rights has started transmitting pre-screening surveys to HIPAA-covered entities signaling the start of the long-awaited second round of HIPAA compliance audits. However, the OCR has yet to post a notice on its website to that effect. OCR Prepares for the Second Phase of Compliance Audits The OCR previously placed a notice in the Federal Register stating its intention to send out pre-audit screening questionnaires to up to 1200 covered entities and their Business Associates last year, allowing organizations to be contacted to assess their suitability for audit. The OCR must ensure that a representative sample of covered entities are audited, including both large and small healthcare providers, healthcare clearinghouses, insurers, health plans as well as Business Associates of covered entities. The audits must also be geographically representative, covering the whole of the United States. According to OCR’s Susan McAndrew, the screening questionnaires are to “assess the...
Orlando Health Notifies 68 After PHI Found in Neighborhood Driveway
An Orlando Health hospital has sent breach notification letters to 68 patients after a document containing their Protected Health Information (PHI) was found “in a neighborhood driveway”. The letters were sent “out of an abundance of caution”, although potentially that information could have been read by an unauthorized individual. According to a WFTV news report, Channel 9 was contacted by a man after his son received a breach notification letter in the post telling him that his confidential health information may have been exposed in a security incident, which prompted reporters to investigate. John Henderson told reporters that his son was sent a letter saying that a patient list was discovered in a driveway which was found to contain patient names, medical record numbers, account numbers and medical diagnoses, although no insurance information, financial details or Social Security numbers were included on the list. He said he “can’t believe Orlando Health is this irresponsible.” Hospitals must take great care to ensure that patient health information is properly...
Crime Leading HIPAA Breach Cause Says Ponemon Data Security Study
The threat to the healthcare industry from hackers is growing. Hacking and network server incidents are now the main cause of HIPAA data breaches, according to the OCR “wall of shame”. Yesterday, the Ponemon Institute released data from a new Privacy and Security which confirms that criminals are now the major cause of HIPAA breaches. The new study – the Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data – shows that criminal activity is behind 45% of all healthcare data breaches, be that the theft of equipment or records with intent to use or sell the data, hacking incidents, malware, phishing and theft by malicious insiders. The loss of laptop computers and other unencrypted devices, accidental disclosures, and administration errors have traditionally been the major cause of data breaches over the past few years, including in 2014. This is the first time that carelessness and negligence have not been the leading breach cause. This is unlikely to change in the near future, especially considering criminal activity has increased by 125% over the course of the...
Hacking Tops List of 2015 Data Breach Causes
An analysis of breach reports during the first 5 months of the year shows that the main cause of 2015 HIPAA breaches is still hacking, which continue to expose patient health records in the millions. The colossal data breach at Anthem Inc., exposed 78.8 million member records while the HIPAA breach at Premera Health was potentially more serious. While 11 million records were obtained by hackers – considerably less than in the Anthem hacking incident – the data stolen was more substantial, and included medical information, personal identifiers and Social Security numbers; everything thieves need to commit fraud on a huge scale. Hacking Main Cause of HIPAA Breaches and Exposes Most Records HIPAA-covered entities are required – under the Breach Notification Rule – to report data breaches involving more than 500 individuals to the Department of Health and Human Services’ Office for Civil Rights. These breach reports must be made within 60 days of the discovery of a data breach. The two mega data breaches certainly stand out in the breach report lists due to the volume of records...



