The rate of security incident disclosures in 2015 surpassed those of 2014, according to the second annual BakerHostetler Security Incident Response report. What’s more, healthcare tops the list for frequency of data breaches.

“It’s not if, but when an incident will occur,” BakerHostetler said. “Privacy and data security issues are firmly entrenched as a significant public and regulatory concern and a risk-opportunity that executive leadership and boards of directors must confront.”

[Also: Healthcare's newest ransomware threat: PowerWare]

As part of the report the law firm published a seven-point plan to help healthcare organizations avoid breaches and ultimately respond when they do occur.

1. Develop and practice an incident response plan

2. Conduct security assessments of assets including sensitive data

3. Deploy detection capabilities

4. Routinely collect and analyze threat intelligence on immediate risks

5. Educate employees to avoid incidents and recognize when they do happen

6. Run contract analysis for business associates and technology vendors

7. Maintain ongoing diligence to proactively guard against evolving threats

“Tens of thousands of incidents involving PHI have been reported since HITECH’s breach notification requirement went into effect in 2009," BakerHostetler reported. “So it is no surprise that by frequency, healthcare tops our list. While PHI incidents are disclosed more frequently, driven in part by HIPAA presumption that a breach occurred.

A silver lining: BakerHostetler found that the severity of breaches, when measured by the number of individuals that are affected in a particular breach is often less than 10 people.

Twitter: @Bernie_HITN
Email the writer: bernie.monegain@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn