HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

March Sees Massive Hike in Healthcare Data Hacking

The number of successful cyber attacks spiked in March, with 11 incidents reported to the Office for Civil Rights, although since HIPAA-covered entities have up to 60 days from the discovery of a data breach until a breach notification must be submitted, that figure may yet rise. In February, there was one reported hacking incident involving HIPAA-covered data, and just 2 reported in January.

Last month, 11-milliion health plan records were exposed in the huge data breach at Premera Blue Cross; an incident potentially much more serious than the Anthem breach the month before due to the extent of data acquired by thieves. The Premera hack allo9wed the perpetrators to copy Social Security numbers, personal identifiers and healthcare data.

There were also a number of other large scale breaches reported to the OCR in March. The Virginia Department of Medical Assistance Services (VA-DMAS) reported a network server hacking incident in which 697,586 plan member records were exposed and 151,626 records were compromised at Advantage Consolidated. Over 90,000 records were exposed in separate attacks on AT&T Group Health Plan and the Freelancers Insurance Company and Indiana State Medical Association reported a hacking incident which resulted in the exposure of 38,351 records.

The total breaches are also up 35% in March, with 17 incidents reported in both January and February, compared to 23 data breaches so far reported to the OCR for March. In total, 91,015,368 Protected Health Records have been exposed in breaches so far this year.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Health Insurance Plans A Target for Hackers

The two multimillion record hacks reported this year both affected health plans, and last month the McDermott medical plan, Freelancers Insurance Company, AT&T Group Health Plan, Career Education Corporation and VA-DMAS all registered hacking incidents, while hackers also gained access to over 900,000 records in two separate network server incidents at the Georgia Department of Community Health in which 355,127 and 557,779 records were exposed.

Hackers are now using much more sophisticated methods to gain access to healthcare databases and the PHI they contain. It is now more important than ever to improve data security measures and implement even more robust security systems that those demanded by HIPAA and to give serious consideration to implementing data encryption technologies for data both at rest and in motion.

While preventative measures are essential, it is also important to monitor access to PHI to ensure that if hackers manage to break through defenses, rapid action can be taken to limit the damage they cause.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.