As it has done in past months, Protenus has compiled a monthly report on health data breaches in the U.S. that were disclosed during October. Their analyses are based on data and information provided by this site and blogger. Of special note: in the past two months, we have now learned of two incidents affecting at least five covered entities where there was irretrievable patient data loss as a result of a ransomware attack. For at least four of the reporting entities, the data loss occurred at the business associate during recovery from the attack.
Note that incidents included in the monthly Breach Barometer do not always match HHS’s public breach tool for the month, because some incidents are added to the breach tool in the month or months following first public disclosure of an incident, and some incidents never appear on HHS’s breach tool because they are either under-500 or are never reported to HHS for various reasons.
The October report was based on incidents involving the following entities:
- Aesthetic Dentistry
- Anne M. Cummings, M.D., F.A.C.P.
- Anthem, Inc.
- Apria Healthcare
- Baxter Healthcare
- Baxter Regional Medical Center – Home Health Facility
- Baystate Health
- Bedford County Board of Education
- Curtis F. Robinson, MD
- Dr. Dennis T. Myers, D.D.S., P.A.
- Florida Hospital
- Francisco Jaume, D.O. (Yavapai Orthopaedics)
- Fred’s Pharmacy
- Gibson Insurance Agency, Inc.
- Group Health
- Health Access Network
- Horizon The Health Center
- Integrity Transitional Hospital
- Lee Memorial Hospital
- Mercy Hospital & Medical Center
- MGA Home Healthcare Colorado, Inc.
- Peabody Retirement Community
- Peachtree Orthopedic Clinic
- Rainbow Children’s Clinic
- Richard E. Paulus
- Richard H. Hutchings Psychiatric Center
- Rite Aid
- Singh and Arora Oncology Hematology, P.C.
- The Finley Center for Acupuncture and Naturopathic Medicine
- The Seattle Indian Health Board
- Thomasville Eye Center
- University of Wisconsin Hospitals and Clinics Authority
- Vermont Health Connect
- You and Your Health Family Care, Inc.
Many of the incidents, but not all, were reported on this site and can be found by using the “search” function.
You can find Protenus’s Breach Barometer for October here.
And after you’ve read the report, also read HIStalk’s interview of Robert Lord, CEO of Protenus, as he really articulates the challenges beautifully, e.g.:
“Healthcare is fundamentally facing a crisis in trust in our systems. We’re increasing the amount of data we collect. We’re increasing the analytics that we’re performing. We’re increasing interoperability. We need all these things to deliver the promise of better care, better patient satisfaction, and decreased cost. In no way do we want to stand in the way of all of this great data-sharing.
“Simultaneously, if we can’t build that trust in the system, if we can’t establish a new paradigm for how we’re going to protect all this data and make sure people are accessing data appropriately, then we’re going to lose all of these benefits in the long run.”