We have repeatedly issued numerous warnings to the healthcare industry about malware and ransomware [see related posts here and here]. Our predictions have unfortunately come true, as November was the worst month ever for healthcare data breaches, according to self-reports to the Office for Civil Rights (OCR).

In the month of November, 57 incidents of unauthorized access, use, or disclosure of protected health information were self-reported to the OCR. 2016 has the highest number of self-reported data breaches to the OCR, and November hit the jackpot. The tally of healthcare records compromised last month? 458,639. Ouch. Even more distressing, it is being reported that 54.4 percent of those reported incidents were caused by insiders.

70 percent of the breaches were reported by healthcare providers, and business associates were involved in at least 44 percent of the total number of breaches.

The healthcare industry is being hit hard and will continue to be targeted. Business associates continue to be a high risk for covered entities. 2017 should be the year of data breach prevention and business associate due diligence.