Healthcare data breaches saw sharp rise in March

Image credit: iStock/tashka2000

March saw an increase in data breaches in the healthcare industry, bringing the number experienced in the month higher than that in both January and February combined, according to a new report. 

The Protenus Breach Barometer offers a monthly view of reported or disclosed breaches, with the data coming from DataBreaches.net, within the healthcare sector. For March, it saw security incidents increase, along with the number of patient records being breached.

According to the report, a single incident saw almost 700,000 patient records being breached in the month, which is a huge amount. This meant that March had over 2.5 times more breached records that the figures of January and February combined (31 incidents), suggesting that more needs to be done to protect healthcare data. 

In total, there were 39 reported or disclosed data breaches in the sector throughout March. These affected around 1,519,521 patient records, with information being available for 25 of the month's breaches. 

One of the biggest cybersecurity threats to healthcare organisations is that coming from inside them. In March alone, almost half (44 per cent) of data breaches in the sector were due to insiders within organisations. These accounted for 17 breaches and affected 179,381 patient records.

Insider error was responsible for ten of these data breaches, causing 14,219 patient records to be affected. The final seven incidents were reportedly caused by insider wrongdoing, which affected a total of 165,162 patient records. 

In fact, insider threat accounted for more breaches in cybersecurity than hacking incidents did. Cyber attacks were responsible for 11 of the incidents, which is just 28 per cent, according to the report. However, hacking still accounted for 600,270 patient records being breached.

So far this year, third-party breaches have been responsible for a large amount of the total at-risk patient records, representing 82 per cent of January's and 21 per cent of February's. However, March saw just three per cent of the total breached records being caused by third-parties, which experienced just one incident in the sector throughout the month. 

While March experienced a large increase in data breaches, it also saw them being reported to healthcare organisations at a much faster rate than in previous months. The average time in which it was taken for an incident to be reported from the day it was discovered was 45 days. Compared to February's average time of 478 days, this is a great improvement. 

All organisations, no matter the sector they operate in, need to take steps to ensure all data is as secure as possible. At Arrow, we can help your business ensure it's first-line defences are as effective as possible, while also providing tailored interconnected products that keep data safe.