November healthcare breaches: 458,000 patient records affected

The healthcare industry had an up and down November with the amount of patient records lost in data breaches declining, but the number of incidents reaching a new high for the year. Protenus' monthly Breach Barometer showed there were 57 data breach incidents during the month resulting in about 458,000 patient records being compromised. That number may be higher as Protenus stated it could only find hard numbers of affected people for 49 of the incidents.   The majority of the breaches took place in just a handful of states. California led the nation in the number of healthcare breaches with nine, followed by Florida with five. Texas and Georgia each had four, while New York and Washington had three each.

2016 number of records breached (Protenus) 

The reason behind the breaches leaned toward employees making basic mistakes, but there was more than enough criminal activity taking place. The Barometer noted that insider activity, both inadvertent and intentional, was the reason for the majority of the attacks with 54.4 percent, or 31, of the breaches falling into this category. Seventeen breaches were due to workers making an honest mistake that exposed patient information, while 14 of the insider-caused incidents were deliberate. The good news here is the worker errors resulted in many fewer records being exposed, 17,237, compared to the 264,099 records that were compromised by intentional wrongdoing. The largest single data breach comprised 170,000 patient records and was due to an employee error. Another positive that can be taken from November is the number of breaches caused by hackers was down to nine, from 14, in October. Of these nine, three were ransomware attacks and one had an extortion component. Protenus named the malicious actor The DarkOverLord as the culprit in the extortion case.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.