Insider threats and hacking were the reasons behind the majority of the incidents.
Insider threats and hacking were the reasons behind the majority of the incidents.

The healthcare industry saw 37 data breaches take place in September with about 250,000 patient records being compromised, but this was a major decrease from the 8.8 million records breached in August.

September's 37 incidents was down slightly from the 42 posted in August, but the September figure is part of a trend that has the number of data breaches per month increasing as the year moves along, the Protenus September Breach Barometer stated. During the first half of 2016 an average of 25.3 breaches happened each month to 39.3 per month so far for the second half of the year.

The good news for September is the total number of records compromised was down massively from 8.8 million to a quarter of a million.

"We've seen a drastic drop in the total number of patient records breached compared to last month, however there hasn't been a significant drop in the number of breach incidents that have occurred - there can be a lot of month-to-month volatility, to be sure,” Protenus CEO Robert Lord told SCMagazine.com in an emailed statement.

 

Courtesy Protenus

Protenus' Breach Barometer is a monthly study of reported or disclosed breaches in the healthcare industry.

Insider threats and hacking were the two biggest causes data breaches with the former responsible for 41 percent, or 15 incidents, and the latter 32 percent, or 12 incidents. Seven of the insider threat cases were accidental in nature with the remaining eight being attributed to purposeful wrongdoing.

At least five of the hacking cases involved ransomware, but Protenus did not have enough information to say if this type of malware played a role in the remaining incidents.

The report also broke down the breaches by state with California having the dubious honor of being first with 11 cases, followed by Pennsylvania with four, New York and Oregon with two. The remainder were single cases spread among many states.

“As criminals become more aware of the value of health records, you can expect these trends to continue or worsen until organizations become proactive in detecting and mitigating these incidents," Lord said. "Increasing their current privacy posture is a critical first step in protecting patients' sensitive medical data.”