A review of the government’s most recent stats about healthcare data breaches reveals a bit of both good news and bad news. On the plus side, there have been fewer data breach attacks on US health care providers and systems so far in 2023. But the bad news is that when attackers strike, they breach more records than ever before, putting higher numbers of patient data at risk.
Researchers at Critical Insight combed through the data breaches reported to the US Department of Health and Human Services by healthcare organizations during the first six months of 2023, and created an analysis showing which trends they identified.
Check out three trends in healthcare data breaches, along with tips on how you can avoid being the victim of a breach.
1. Hacking/IT Incidents Topped the List
The number of people who were the victims of healthcare data breaches climbed to 40 million during the first half of 2023, which marks a record high. Of those breaches, about 73% were due to hacking or IT incidents.
Hackers found healthcare data to be easy targets this year, but not strictly by tapping directly into medical practices’ systems. The reality is that many hackers have focused on third-party business associates. About 21% of hacking breaches were targeted at business associates, 14% at health plans, and the rest at individual healthcare providers.
Hackers tend to come in through network servers, email, electronic medical systems, and other means, with network server breaches being the most-hit systems.
Avoid being a victim: To avoid these types of incidents, it’s critical for medical practices to boost their defense systems. This means having a qualified expert assess your system and confirm that it’s impenetrable from all angles. If they find any vulnerabilities, you must secure them immediately. You should also have a breach response system in place so you can quickly respond if any breaches occur. In addition, don’t forget to work closely with third-party vendors and business associates to make sure they’re maintaining your patients’ data securely and safely.
2. Unauthorized Access/Disclosure Was the Second Biggest Culprit
The analysis showed that about 23% of healthcare data breaches stemmed from unauthorized access or disclosure. This can stem from people looking at records when they don’t have a medical reason to do so, or staff members telling other people about a patient’s health details when they shouldn’t, among many other issues.
Avoid being a victim: To stay clear of these types of violations, you must train your staff members on how to secure patient information and remind them the importance of having a medically necessary reason to access patient data. Also confirm that you’re sending, receiving and storing protected health information in a secure manner so no one can access it without authorization.
3. Theft, Lost Records and Improper Disposal Came in Third
The third most common source of data breaches involved theft, lost records and improper disposal. These issues often get the biggest headlines, particularly in situations like boxes of records being stolen from an employee’s car or records being thrown in the trash without being de-identified or shredded first. But such problems are much less common than they were when HIPAA first went into effect, demonstrating that most practices have made strides in securing this type of data.
Avoid being a victim: Even though these types of breaches have been decreasing in frequency, your practice must remain as vigilant as ever in protecting your records from falling into the wrong hands. Train your staff members in the proper ways to keep PHI safe and keep a log tracking all records if they ever leave your office. When disposing of patient records, always purge PHI as much as possible prior to disposal, and then confirm that the information has been properly destroyed so no one can access it following disposal.
One area that’s vulnerable to HIPAA breaches is the front desk, since so much PHI passes through it. Let expert Tracy Bird, FACMPE, CPC, CPMA, CEMC, CPC-I, show you how to avoid any problems at your front desk so you don’t become a data breach statistic. Register for her 60-minute training, Head Off Front Desk HIPAA Nightmares, right away!
 |
Subscribe to Healthcare Practice Advisor |
| Get actionable advice to help improve your practice’s reimbursement, compliance, and success in this weekly eNewsletter. |
|
|
|