Awareness : Newsletter Articles

Data Breaches in the First Half of 2019 Now Double that of Last Year

According to a breach report released by Protenus, an IT data monitoring firm, 32 million patient records were compromised between January and June of 2019, which is more than double that of the 15 million patient records breached in the entire 2018 calendar year.

The single largest breach in the first half of 2019 stems from the hacking attack of American Medical Collection Agency (AMCA), an agency who does collections for companies such as, Quest Diagnostics and LabCorp. More than 20 million patient records were breached when hackers gained accessed to sensitive medical information. The incident went unnoticed for some time and was only discovered when patient data was found for sale on the dark web. The severity of the breach is indicative of much larger issues for the health care industry and could lead to increased regulatory oversight. The AMCA fiasco “contributes significantly to this sharp increase in affected patient records and is an unfortunate example of the damage that can be done by hacking incidents that remain undiscovered over long periods of time,” Protenus said. Although the breach was not that of Quest Diagnostics and LabCorp these companies hired and vetted AMCA. Consequently, there may still be financial impact in the form of class action litigations and the risk of their reputation due to the negative exposure caused by the breach.

The Protenus report also found that the majority of breaches occurred in the health care setting. Insider errors, which can go undetected for long periods of time, allotted for 20% of the 2019 data breaches. Hacking has risen to be the number one threat. Hacking incidents accounted for 60% of all incidents and 88% of breached records. Of the 168 incidents disclosed to The U.S. Department of Health and Human Services (HHS) and/or the media in the first half of the year, 27 were due to ransomware or malware, 88 involved phishing attacks, and one involved another form of extortion. Through attempts to steal sensitive patient data, hacker’s attacks against the health care industry have dramatically risen. There has been at least one health data breach per day in the United States since 2016.

Although covered entities have improved their methods of protecting health care records by employing controls; cybersecurity threats are becoming more sophisticated and hackers more bold. Employers and employees alike must be hyper vigilant in today’s society. The question is, how can you maximize your contribution to assist in safeguarding the University against these attacks?

Here are some helpful ways you can assist the University against cyber threats:

  • Encrypt all portable devices storing University data (Laptops, USB, SD, microSD, smart phones, etc.)
  • Utilize strong and complex passwords to protect your computers and smart phones and do not share them or post them anywhere easily accessible
  • If working via Wi-Fi, make sure you are on a secure network; use SecureCanes while on campus
  • Do not open or forward suspicious emails, always verify the source to be certain. Delete spam, chain, clutter and other junk email
  • Secure your computers, laptops and/or smart phones by locking them when you walk away from your work station
  • Only use University approved cloud services
  • Download and install software updates for your operating systems and applications as they become available, this includes laptops and smart phones
  • Keep yourself educated, research ways to keep not only our patient data safe but your personal data as well

For further information please contact the Office of Privacy and Data Security at 305-243-5000 or privacy@med.miami.edu. For assistance with security safeguards, contact IT’s Help Desk at 305-243-5999 or help@med.miami.edu.