TheDarkOverLord strikes again but health data breaches down in October
Both the number of breach incidents at healthcare organizations and the total number of patient records involved dipped in October 2016, the second month in a row of declines after a summer of record-setting healthcare breaches, according to the Protenus Breach Barometer.
The monthly snapshot of breaches, with data compiled and provided by DataBreaches.net, found that in October 35 breach incidents were either reported to the Department of Health and Human Services or first disclosed in the media or other sources. There were some incidents reported to HHS in October that were not included in Protenus’ October totals because they were previously disclosed and included in prior Protenus Breach Barometer reports. Of the 35 incidents, information was available for 31, totaling 776,533 records breached.
Though the number of incidents per month is down compared with the summer, it’s still much higher than incidents reported in early 2016. Given the recent drop in pricing for medical records on the so-called dark web, it’s difficult to tell if the current trend will continue, Protenus said.
Forty percent of breaches in October 2016 were hacking, malware or ransomware incidents that in total affected 664,549 patient records, the report noted. Of the 14 incidents for which there are numbers, four specifically involve ransomware and another two involve ransom/extortion but not ransomware as the source of the breach. Three organizations reported patient data was irretrievably lost due to ransomware or during recovery from ransomware. And two organizations that reported data loss during ransomware recovery were clients of a business associate that also reported data loss as the result of the same ransomware incident.
The two hacking incidents with ransom demands both involved a criminal who goes by the name TheDarkOverLord, Protenus reported. Neither incident has yet appeared on HHS’s public breach tool, so Protenus only has TheDarkOverLord’s claims as to the number of records acquired in the hacks. Because databases generally contain many duplicate records, the number of records claimed may significantly overestimate the number of patients affected, Protenus explained.
“Although TheDarkOverLord has claimed that some of his victims paid his ransom demands, there’s not evidence that any of his victims have ever paid,” DataBreaches.net said. “Because giving in to extortionist demands just encourages more extortion, if operations are not threatened and you have backups so that there’s no serious risk of medical records being corrupted or wiped out, entities should probably refuse to pay the ransom.”
Insiders accounted for 37 percent of October breaches, five of which were accidental and eight of which were insider wrongdoing, the barometer reported. For the 11 of the 13 insider incidents for which there are numbers, 79,974 records were involved, Protenus added.
In October, 29 breach incidents involved healthcare providers (83 percent of reported organizations), followed by two incidents that were reported by health plans, and three incidents reported by business associates or vendors, according to the barometer.