Hospitals might be getting better at breach reporting
For the second straight month, hospitals posted improved data breach reporting times, according to the monthly Breach Barometer jointly published by Protenus and Databreaches.net.
Thirty-four incidents involving protected health information or medical data happened in April. That’s five fewer than the 39 incidents that took place in March but three more than the 31 each registered during January and February
“There's not too much of a difference in these month-to-month numbers, even with a slight spike in March,” Protenus co-founder Robert Lord said. “The picture that's being painted with this relative consistency is that the steady and continuous leakage of patient data continues.”
[Also: Ransomware rising, but where are all the breach reports?]
April saw 232,000 breached patient records, much lower than March’s sky-high 1,591,521 but more in line with the 388,307 and 206,151 records exposed in January and February, respectively.
Hackers accounted for 47 percent of the incidents, insiders for 29 percent and loss or theft for 15 percent, while the remaining 9 percent were caused by an unknown reason.
Lord noted a curious twist in the research: April was the second month of improved reporting statistics. Among the incidents reported during April, in fact, it took organization's 51 days, on average, to discover the breach and 59 days to report it to the U.S. Department of Health and Human Services and, what’s more, 66 percent of organizations sent the report to HHS within the required 60-day window.
“We’re hoping it might be part of a trend toward more disciplined reporting,” he added. “But we still haven't made much progress on fundamentally bending the curve when it comes to protecting health data.”
Twitter: SullyHIT
Email the writer: tom.sullivan@himssmedia.com
