top of page

Breach Tally: Hacking Incidents Still on the Rise

As of March 9, 50 major breaches impacting 424,286 individuals have been added to the Department of Health and Human Services' Office for Civil Rights' "wall of shame" website of major breaches affecting 500 or more individuals.

Of those 2017 incidents, 20 are listed as unauthorized access/disclosure breaches; 14 are hacking incidents; and 14 are breaches involving loss/theft of protected health information. Of the incidents involving loss or theft, eight involved paper/film records, and six involved unencrypted desktop or laptop computers, or other portable devices.

As of March 9, more than 171.66 million individuals in total have been impacted by the 1,852 major breaches that have been reported to HHS since September 2009.

In total so far in 2017, 14 hacking incidents affected nearly 262,000 individuals, or about 60 percent of all individuals impacted by major HIPAA breaches.

As of March 9, a hacking incident affecting nearly 86,000 individuals reported on March 2 by Vision Quest Eyecare in Indiana is the largest breach posted so far on the wall of shame in 2017. Vision Quest declined to provide Information Security Media Group details about the incident, and as of March 9, no notification statement was posted on the company's website.

The most common reasons given by the OCR for financial settlements and fines are failure to:

  • Conduct an accurate and thorough risk analysis that incorporates all information technology equipment, applications and data systems storing PHI;

  • Create and maintain a risk management plan;

  • Implement policies and procedures and retain for six years;

  • Reasonably safeguard the electronic PHI using prevailing practices;

  • Encrypt computing devices and storage media;

  • Obtain satisfactory assurances in the form of a written business associate agreement;

  • Monitor and maintain user provisioning, such as not removing user access in a timely manner.

Read the full article:

bottom of page