HIPAA Questions? Call (415) 294-5250


The profitability of stolen healthcare data means that data breaches will continue into the future. In 2015 alone, over 110 million records were breached. A 2016 Healthcare Data Breach Report from Bitglass illustrated that save for 2 percent, all of the data breaches were conducted by hackers. This is a staggering number. Due to the amount of information that is contained in health records, healthcare data is becoming more popular every year.

Hackers medical

The institutions that were breached had the opportunity to purchase insurance against cyberattacks, but the average cost per record is $363. Looking at the number above, we are talking about a cost of $39 billion. The insurance for each institution will only cover so much of each breach. Additional costs related to breaches include the costs that the individuals face whose information was stolen and most likely sold. They have to deal with identity theft and fraud. Sometimes they can recoup the costs, but other times the information is just gone.

Another issue is how long this data is used. Depending on how long it is known that a breach occurred, the data could be available for many years. By the time the breach is discovered, it is unknown how many times this information has changed hands and how far across the globe it reaches.

Institutions have 60 days after a breach is discovered to send the report to the Office of Civil Rights. This occurs when there are more than 500 accounts exposed. This means that a breach that occurred in December has until February to be reported. This could adjust the record count upwards.

Access to patient information could be lessened if institutions implemented new protocols. Vulnerabilities come from sharing passwords, keeping others logged in (whether they are active on the system or not), or employees falling prey to phishing attacks. Educating the staff to recognize phishing emails, having two-factor authentication when logging in, or tracking credential use are some of the ways that institutions can lessen the risk to their sensitive data.

Call {phone} or email us at {email} to discuss ways to increase the security of your system. {company} is here to handle all of your information technology needs.