August 11, 2020

Volume X, Number 224

August 11, 2020

Subscribe to Latest Legal News and Analysis

August 10, 2020

Subscribe to Latest Legal News and Analysis

July 2019 Ranks Highest in History for Health Care Data Breaches

July 2019 was the worst month in history for health care data breaches, with a total of 50 breaches that affected more than 500 records reported to the Office for Civil Rights (OCR), according to HIPAA Journal Those 50 reportable data breaches exposed more than 35 million individuals’ health care records.

HIPAA Journal opines that the “main reason for the increase in reported data breaches in July is the colossal data breach at American Medical Collection Agency,” which to date, has involved more than 22 health care organizations and nearly 25 million records.

Thirty-five of the 50 incidents reported to the OCR involved hacking and IT incidents, which shows that hacking and phishing campaigns continue to plague the health care industry. In addition, “there was a major increase in network server incidents in July. The rise was due to the AMCA breach but also an uptick in ransomware attacks on healthcare providers. Phishing also continues to pose problems for healthcare organizations.”

According to the report, “the number of phishing attacks strongly suggests multi-factor authentication has not yet been implemented by many healthcare organizations.”

The increase in data breach incidents in the health care industry, as shown in the July reports, and the rampant use of phishing campaigns and ransomware by cyber-attackers, emphasize the need for health care organizations to implement stronger security measures, including strong spam filters, firewalls, employee education, and multi-factor authentication.

Copyright © 2020 Robinson & Cole LLP. All rights reserved.National Law Review, Volume IX, Number 248


About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...