It’s had to find good news in the report published by Protenus Breach Barometer. Their research says there were, on average, one significant protected health information breach per day during the month of January 2017. As a company that helps prevent criminal acquisition of data, I can say that I am not surprised. If you are sensitive to the issue, you’ll regularly see this kind of news.
Here are a few of the data points highlighted by the report:
- 389,000 records were involved in the breaches
- 25 were at the heath care provider level (+80% of the breaches)
- The breaches were spread among 21 states
- California (6) and Maryland (3) had multiple breaches
- 10 of 31 breaches were caused by hackers
- It took on average 174 days to report the breach
- 40% of the breaches took longer than the prescribed 60-day timeframe to report the breach
So where’s the good news?
The good news is that the majority of the problems were caused by insiders and that means the problem can be addressed. Just under 60% of the breaches were caused by people inside the healthcare organization; people that the organization has can have significant control of. These are examples of breach cause.
- Staff that simply made mistakes
- Staff that purposely caused the breach for curiosity reasons
- Staff that stole records for criminal purposes
Training is key
If you believe people are essentially good, that they inherently want to do the right thing, showing people the correct way to handle PHI will have a remedial effect on the breach problem. A great example that regularly hits the news is PHI that is mass mailed from an organization. If people are trained to recognize PHI, silly mistakes like this will be avoided. Procedures can and should also be implemented to shore up areas of weakness. For example, a very simple, common sense and quick procedure that requires a review of mass mailings prior to posting the mail will very likely catch a problem before it becomes a terrible embarrassment to the organization and a nasty problem for their customers and patients.
Even people that desire to criminally mishandle PHI will be discouraged from doing so if they know the organization looking, that it is very serious about closing loopholes and prosecuting offenders.
Extract’s focus in the fight against breach is to help organizations identify and then eliminate sensitive information from documents so that the documents can be shared without any fear of breach. If the offending data is eliminated, there will be nothing of consequence for criminals to steal or employees to misplace/ mishandle.
Hackers were involved in 30% of the breaches, and even though it is impossible to close every possible weakness in a large organization, it is incumbent on management to regularly invest time and money in continuous improvement in its defenses.
Register now for our monthly demo, to learn more about the Extract Platform:
About the Author: David Rasmussen
David Rasmussen is the President of Extract. With 30 years’ experience leading software companies, David is driven by the challenge to consistently find groundbreaking ways to solve customer problems. David finds it rewarding to hit the customer’s target and create a great team, build a solid infrastructure, and emerge with a strong value proposition.