November saw a 60 percent increase of breach incidents from October, at an average of two incidents per day. With 57 reported incidents, November saw the most breaches so far this year, according to the Protenus Breach Barometer released December 15.
Forty-seven of these incidents involved a total of 448,639 breached records, the report found. The largest single incident involved 170,000 patient records, which resulted from a third-party's insider error.
The biggest cause for these losses? Employees (insiders), who caused 54 percent of the incidents. Seventeen breaches were a result of an error, but 14 were caused by insider wrongdoing, according to Protenus.
In comparison, only nine breaches were caused by hacking - down from October's 14 incidents. Three of these attacks were caused by ransomware and another attack was extortion from cybercriminal TheDarkOverLord. Six of these hacks involved 102,883 patient records.
Another notable point from the report: It took 135 days, on average, from the time the breach was noticed to when these entities reported it to the Department of Health and Human Services. Further, 60 percent of breached entities took longer than the required 60-day window to report the breach.
"It's essential for organizations to be proactive when monitoring patient data," the report authors said. "The sooner a breach is detected, the quicker the healthcare organization can mitigate the risk of significant damage being done with their patient's data. The longer PHI is exposed, the more it can cost the healthcare organization and ultimately become troublesome for the patients."
What's interesting is there was a steep decline in incidents in the September and October. Further, while there were more breach incidents in November than other months, June saw the most records lost at 11,061,649 with only 28 incidents.
Of the 57 breaches, 70 percent involved healthcare providers. But at least 25 of these incidents were caused by business associates or vendors. Ambucor Health Solutions, a clinical labor services provider was responsible for 11 of these incidents.
This article first appeared in Healthcare IT News.