|Incident #1||Incident #2|
|A U.S. medical training school has exposed the personally identifiable information of thousands of students after an unsecured bucket was left exposed online. As ZDNet reports, he server, which did not have authentication controls in place and was, therefore, accessible by anyone to view, contained 157GB of data. The quantity of data exposed equates to just under an estimated 200,000 files including driver license copies, names, dates of birth, home addresses, phone numbers, email addresses, and both professional and educational summaries.|
Washington residents received a record amount of data breach notifications in the last year, according to a report released Friday by the state’s attorney general. Breached businesses and agencies in the last year sent 6.3 million notices to Washingtonians—by far the largest number of notifications sent to state residents since attorney general Bob Ferguson began tracking the data in 2016, the report states.
In addition to the millions of notices, 280 data breaches, 245 cyberattacks, and 150 ransomware attacks were reported, according to the report.
|Incident #3||Incident #4|
INDIANAPOLIS — Roughly three months after Eskenazi Health released a statement announcing a cyber security breach that compromised personal data, some patients are just now receiving that news in the mail. According to a release posted last month, Eskenazi Health was notified of a cyber attack “on or about August 4, 2021” that resulted in the personal information of some employees and patients being leaked to cyber-criminals. However, the same release claims the breach actually happened three months prior “on or about May 19, 2021.”
EHR vendor QRS began notifying its clients of an August cyberattack that exposed the PII and PHI of nearly 320,000 individuals. The attack occurred between August 23 and August 26, 2021, when a hacker accessed one QRS dedicated patient portal server.
Cyber criminals target healthcare organizations more than any other type of business. Hospitals accounted for 30 percent of all large-scale data security incidents in 2020. Over the last three years, a staggering 93% of healthcare organizations experienced a data breach, while 57% of healthcare organizations have had more than 5 breaches. Other attacks may impact more people and thereby attract bigger headlines (Marriott, T-Mobile, Colonial Pipeline), but the threat of shutting down life-saving functions makes attacks on healthcare organizations far more serious.
While hospitals often have the resources to build up cyber-security protection systems, post-acute-care providers are often forced to put such expenditures on the back burner. If attacked, the consequences can be severe enough to destroy a small business. Home Health, Home Care, and Hospice are not immune.
In recent years, agencies forced by law to disclose an attack that may have exposed personal information and protected health information include Personal Touch, OSF Healthcare Systems, and even the VA. Georgia-based Aveanna Health was attacked in August, 2019 and informed staff and patients in February, 2020.
Post-Acute Care providers do not have to navigate the cyber security waters alone. There are several resources available to help healthcare organizations protect themselves from those international hackers.
©2021 by Rowan Consulting Associates, Inc., Colorado Springs, CO. All rights reserved. This article originally appeared in Home Care Technology: The Rowan Report. homecaretechreport.com One copy may be printed for personal use; further reproduction by permission only. email@example.com