HIPAA breach notification rule

HIPAA Breaches Running at Record Rate

HIPAA Breaches and You

In the past 12 months, we've averaged over 3.3 million breached healthcare records per month. Aside from the breach of confidentiality this represents, the information in those records is used for financial fraud, insurance fraud, identity theft, and in some cases, blackmail. If it's not happening to you or impacting you, it's easy to gloss over, but the reality is that these breaches have dramatic impacts on the lives of many of us. Protecting this information is not just a moral imperative; it's also the law, and we're continuing to fail. Let's take a look at where these failures are happening.

In its monthly cyber breach report from May, OCR reported where these attacks are occurring, and it's something you all need to be aware of. The report indicates that over 73% of all reported breaches were the result of hacking or IT incidents. This is consistent with the trend away from internal operational breaches and highlights the exponential growth of cyberattacks across all sectors.

The second revealing fact from the report is that 67% of the attacks occur on network servers or via email. Server attacks represent 36% of the reported breaches, so our servers and our email are the gateways hackers are exploiting.

Let's pause a moment to highlight one overlooked point - these are REPORTED breaches. Do any of you believe that represents all of the breaches, most of the breaches, half of the breaches? We don't know how many are going unreported or worse, undetected, but it's safe to assume we aren't seeing the full picture.

Finally, almost half of these reported breaches come from Business Associates. That means the data you are stewards of is still getting into the wild, even if through no fault of yours. With that said, an improperly executed, or missing, Business Associate agreement means their liability is yours as well.

If you don't have professional IT management, ideally with a healthcare-experienced company, then you're taking unnecessary risks. If you aren't conducting risk assessments at least annually, you could be in the group of entities with undetected breaches.

We're here to help. For 17 years we've been providing the healthcare community with best-in-class IT management and HIPAA compliance. Many of our clients have been with us for more than 15 years; talk to us to discover why.

HIPAA Security Reminders


HIPAA Security Suite has developed a weekly HIPAA Security Reminder series that’s FREE for all of us who are responsible for, or engaged in, the use and protection of PHI.

Section 164.308(a)(5) of the HIPAA Security Rule states the Standard: "Implement a security awareness and training program for all members of its workforce (including management)."

This standard is part of our Best Practices Recommendations for HIPAA Security Suite users, but it’s available for FREE to anyone who wants to comply with HIPAA using the easiest, best tools available.
