After the crazy month of March, the cyber security world seemed to settle down a little bit in April. April consisted of 21 total healthcare breaches and 122,877 records compromised which included a stolen laptop, a stolen vehicle, and a ransomware attack.
Since the beginning of the year:
So far 2017 has had 558 total data breaches and almost 10 million records compromised! The healthcare industry has accounted for around 23% of those with 126 healthcare breaches and around 1.5 million records!
Some notable attacks included:
A large health system in Rhode Island has notified over 20,000 patients of compromised personal information. The information was access and from an unprotected laptop that was stolen from an employee’s car. The laptop was used to store emails that may have contained patient information including names, medical record numbers, demographic information, and prescribed medications. At this time, there is no indication that the information has been used by the hackers.
Last month, a small practice in Kentucky was attacked by cyber criminals. Their system was placed under a ransomware attack which resulted in their patient’s ePHI being encrypted. Almost 20,000 patient’s records were encrypted and inaccessible, but after two days of system downtime, the practice was able to recover the encrypted data from backups. Luckily, the practice did not have to pay the ransom that the hackers were demanding since the system was backed up.
In Montana, a health screening provider had to notify over 15,000 patients of a data breach after a facility owned vehicle was stolen on the way to a health fair. The stolen vehicle contained a flash drive which contained demographic information of health fair participants. Although there is no evidence of the information being misused, the organization offered a credit monitoring service to those affected.