The number of health data breaches for March was more than January and February combined. According to the Protenus Breach Barometer released this week – which is a monthly snapshot of reported or disclosed breaches impacting the healthcare industry, with data compiled and provided by DataBreaches.net – there were 39 breach incidents in March, compared to a combined 31 for January and February.
The March incidents affected just over 1.5 million patient records; the largest single incident involved 697,800 patient records and was reported by Commonwealth Health Corporation to the Department of Health and Human Services’ Office for Civil Rights.
The Protenus report shows that insiders were the biggest cause of the healthcare data breaches reported in March, accounting for 17 incidents; 10 involved insider error and seven were the result of insider wrongdoing.
There were 11 hacking incidents that resulted in the theft or exposure of 600,270 records. The loss or theft of physical records and devices containing ePHI represented the fewest number of incidents (8) but impacted the most individuals with 737,131 records affected.
Healthcare providers registered 33 of the 39 incidents, followed by four breaches reported by health plans. One incident was reported by a business associate and one was disclosed in a media report but has not been confirmed by the organization. Texas was the worst affected state with six reported incidents. Tennessee, Pennsylvania, Kentucky, and Missouri each had three data breaches.
Could your company be at risk for a similar breaches? PrivaPlan can perform a Security Risk Assessment for you. A critical part of this assessment is the PHI Inventory, which works for both physical PHI and electronic PHI. The inventory process identifies all areas in the facility that PHI is located and how it is used. By performing this assessment and documenting where PHI is located, covered entities can protect their patients’ information from breaches.
For more information or other services PrivaPlan provides, contact our HIPAA experts at email@example.com or call 877-218-7707.