July 2019 was the worst month in history for health care data breaches, with a total of 50 breaches that affected more than 500 records reported to the Office for Civil Rights (OCR), according to HIPAA Journal. Those 50 reportable data breaches exposed more than 35 million individuals’ health care records.
HIPAA Journal opines that the “main reason for the increase in reported data breaches in July is the colossal data breach at American Medical Collection Agency,” which to date, has involved more than 22 health care organizations and nearly 25 million records.
Thirty-five of the 50 incidents reported to the OCR involved hacking and IT incidents, which shows that hacking and phishing campaigns continue to plague the health care industry. In addition, “there was a major increase in network server incidents in July. The rise was due to the AMCA breach but also an uptick in ransomware attacks on healthcare providers. Phishing also continues to pose problems for healthcare organizations.”
According to the report, “the number of phishing attacks strongly suggests multi-factor authentication has not yet been implemented by many healthcare organizations.”
The increase in data breach incidents in the health care industry, as shown in the July reports, and the rampant use of phishing campaigns and ransomware by cyber-attackers, emphasize the need for health care organizations to implement stronger security measures, including strong spam filters, firewalls, employee education, and multi-factor authentication.