2019 HIPAA Breaches: The Box Scores

Fox Rothschild LLP
Contact

Fox Rothschild LLPIt’s that time again for year-in-review articles. On December 16, 2019, Modern Healthcare has published an infographic that compares HIPAA breaches which occurred in 2019 to aggregate breach statistics from 2010-2018.  The 2019 data was analyzed through the end of November. A few interesting trends appear.  Let’s go to the numbers:

Breaches by Location:

In 2019, 40% of breaches involved email, compared to only 13% during 2010-2018.  This may suggest an increase in phishing and more sophisticated “spear-phishing” techniques.  Privacy officers should alert their organizations to be more vigilant about clicking links and opening emails from unverified sources, even where the emails look deceptively legitimate.

Network server breaches were up slightly, from 16% to 22%

Laptop-related breaches are down sharply, from 12% to only 3%, and desktop computer breaches are down from 6% to 3%.  This could mean more covered entities and business associates are using appropriate encryption, or may also reflect migration of data to the cloud instead of storing it on laptops and desktop computers.

Electronic medical record breaches are steady, declining slightly from 4% to 3%.

Breaches by Type:

Hacking/IT Incidents represented 57% of breaches in 2019, up sharply from 22% for the prior 8 years.  Coupled with the email breach increase, this trend would suggest infiltration or malware-related breaches that are accomplished by inattention to best practices, both in terms of recognizing and resisting phishing attempts and in failing to maintain up-to-date security measures.

Unauthorized access/disclosure remains steady, representing 30% for 2019 versus 28% for the prior 8 years.

Theft is down significantly, from 33% to only 7%.  Once again, like bank robbers go where the money is, hackers go where the data is, and that is increasingly in the cloud.

Improper disposal is a minor factor, only 1% in 2019, down from 3%.

Breaches by Month:

The report also tracked the average number of individuals affected per breach by month reported.  A significant spike occurred in July, 2019, representing the second-highest reported number of individuals affected by healthcare breaches since 2010.  This anomaly was attributed largely to a massive data breach at billing collections vendor American Medical Collection Agency that affected nearly 20 million individuals.

The wrap-up:

Statistics can be misleading, but if these trends continue, expect more issues involving email scams, malware that can infect systems via email and similar approaches, and unauthorized access, all of which focus on what is often the weakest link in any system – between the chair and the keyboard.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Fox Rothschild LLP | Attorney Advertising

Written by:

Fox Rothschild LLP
Contact
more
less

Fox Rothschild LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.