The Department of Health and Human Services (HHS) has made some new entries recently to its data breach tool listings. The first of these is Blaine Chiropractic Center in Blaine, MN – a data breach that has reportedly affected nearly 2,000 patients. The second of these was awarded to Access Health Care Physicians of Brooksville, Florida. These were the only healthcare data breaches added in the month of July on which all the details are made available. The Minnesota data breach involved a hacking incident, and the Florida incident was due to a break-in and theft of paper and film documents.

Healthcare Data Breach

Just another couple of routine data thefts at yet another couple of healthcare facilities. Or, is there something more going on here? We’re already aware of the Ukrainian hacker group claiming responsibility for the hacking and data dump involving Central Ohio Urology Group. The pattern and M.O. are clear to be seen, in most cases. Hold healthcare organizations’ client data or networks hostage, in return for a ransom (in the ransomware cases), or to expose flaws in cybersecurity. But something more appears to be going on, as a truly staggering amount of affected healthcare facility databases have been racked up on the HHS breach tool since 2009. It seems to be spiraling exponentially, with an appalling number of healthcare providers being rated in the substandard category for cybersecurity and data network defense, as the problem worsens.

Types of Data Breach

A large number of the data breaches listed on the HHS.gov website appear to be the cause of physical theft of hardware, with exposure and “dumping” of patient data being an unintended or non-issue. The first Hacking/IT incident doesn’t even occur until the fifth month of HHS record-keeping in this capacity, in March 2010. Regular hacking of healthcare databases doesn’t even become anything to speak of until sometime in 2011. Then, they taper off for a while, with physical theft and unauthorized access being predominant until 2013. Then, the cybercrime incidents really start to ramp up. And, it seems that with more and more hospitals, clinics, and healthcare organizations willingly handing over ransomware cash, the more the hackers go about their reprehensible business. Naturally, if their crimes pay.

The Hacking Pattern

It seems that somebody – or a network of somebodies somewhere – is out to prove a point. The “I can get into your network and expose your data” game, however, seems to be aimed at the very industries which have garnered special government regulatory protections recently. And, the more HIPAA fines that are handed out, the more the hackers do their hack-and-dump or ransomware business. What can stop this speeding train of cyber breaches going off its rails? Every day we see new hacks, thousands of compromised patients, along with the prepared statements of concern and reassurances of new efforts on the part of hacked healthcare providers to step up security, provide patient/victim credit monitoring, etc., etc. The pattern of attacks and subsequent PR damage control seem all too…patterned.

Protect Yourself with Adequate Security

It’s something that’s become a part of our daily lives in today’s world: Security, and how best to obtain and keep it. If you have questions about implementing cyber and data security for your company network, MRW Systems is the leader in providing managed IT services in Westminster, Baltimore, and Carroll county. Contact one of us today at (410) 751-7111 or send us an email at info@mrwsystems.com, and we will be happy to answer all your questions.