This has been a very challenging year. Despite the COVID-19 outbreak starting in the first half of 2020, data analyzed from the Health and Human Services (HHS) Office for Civil Rights (OCR) Breach Portal shows that the number of patient data records breached dramatically declined during the early stages of the pandemic.
Healthcare orgs too busy to report
CI Security analysts' assessment indicates that the number of breach reports in the first half of 2020 is down 10.4 percent compared to the second half of 2019, and the number of breached records is down nearly 83 percent. The assessment is based on information that healthcare organizations are required to submit to HHS within 60 days of the discovery of any breach affecting more than 500 individual records.
“A combination of factors come into play for the numbers declining so precipitously during a global pandemic, including healthcare organizations misunderstanding HIPAA and COVID-19 exceptions issued during the pandemic, healthcare organizations simply being too busy to report, or organizations having been so distracted by the pandemic they are not aware they have already been breached,” said Drex DeFord, Executive Healthcare Strategist, CI Security.
“With the likely notion that most healthcare organizations are not accurately reporting attacks and breaches, this draws attention to the fact that there will likely be a dramatic increase in discovery in the next six months.”
- A total of 3.8 million individual records were breached through hacking and IT incidents in the first half of 2020, compared to 30 million records breached over the prior six-month period.
- The first half of 2020 showed an 82 percent drop in records breached by healthcare providers (over the previous six-month period).
- Email was the top source of breaches in the first half of 2020 (134), blamed for over 3 million records breached, up 86 percent over the last half of 2019.
- Hacking consistently leads the way for total number of breach reports, accounting for 149 of the 249 breaches reported in H1 2020.
- Providers reported 18 percent fewer breaches in the first half of 2020, compared with the last six months of 2019.
COVID-19 caused orgs to change business and clinical practices
The emergence of the COVID-19 global pandemic caused organizations to change business and clinical practices rapidly: rolling out work-from-home for employees, driving exponential increases in telehealth visits, and urgently acquiring and installing equipment, including Internet of Things (IoT) and Internet of Medical Things (IoMT) devices.
Additionally, healthcare organizations extended capacity by quickly on-boarding previously retired clinicians and temporary employees; added new locations for drive-thru testing and other needs; and connected to new suppliers.
It is anticipated that cyberattacks will surge over the next six months, given that hospital records remain a high-value target for hackers; patient medical records are worth as much as ten times more than credit card numbers on the dark web. Healthcare organizations will require more cybersecurity vigilance than ever before.