A Data Breach a Day - Part 2

by ih-coc admin

In our last blog, we listed a few major data breaches that were reported in the month of March. There was on average at least one new report a day throughout that entire month. In today’s article, we’ll mention a couple of additional noteworthy breaches during that period, as well as take a closer look at the primary reasons why data breaches keep happening.

The LCP Transportation Data Breach

Employees of LCP Transportation, Inc. responded to phishing emails. It was as simple as that. As a result, 54,528 patients had their personal data completely exposed to hackers for more than a month. The data in question included full names, insurance ID numbers, addresses, dates of birth, dates of service, and medical conditions.

The same day patients were notified of the data breach, officials announced a second breach - this time caused by a mailing error. Protected health information was unintentionally disclosed when a letter about a pharmacy change was mailed to the wrong recipient.

The Superior Dental Care Alliance Data Breach

On March 26, dental insurance carrier Superior Dental Care began alerting its members to a security breach - this one affecting 38,260 members. Superior Dental Care became aware of suspicious activity within an employee's email account on January 23rd. They determined that the employee's email account had been accessed by an unauthorized, unknown party as early as December 21, 2018. During that entire period, member names, addresses, Social Security numbers, and payment and medical information related to dental services were compromised.

What Do All of These Data Breaches Have in Common?

The most common culprit seems to be email. Whether it’s an employee sending information to or from an insecure account or an employee simply falling for a phishing message, unsafe email practices are a major problem in the healthcare industry. Email incidents dominated the March 2019 healthcare data breach reports, with 12 reported incidents involving ePHI stored in emails and/or email attachments.

However, in the month of March alone, PHI was also breached from:

  • Laptops
  • Paper/films
  • Network servers
  • Electronic medical records
  • Desktop computers
  • Other non-specified sources

What we can conclude from this is that it’s imperative not to focus security and data hygiene on any one area such as email, but rather to follow a rigorous, full range of safety precautions in the form of clearly outlined mandates for every possible avenue of data transmission and storage. That is precisely what HIPAA regulations aim to do, and why conforming to their guidelines is so important, no matter how lengthy the guidelines are.

Knowing where your points of vulnerability are can help you protect your organization from liability – not to mention protect the trust of those who have placed their privacy in your hands. Do the right thing by staying vigilant. Contact us online or by phone at (800) 733-6379 if you’d like to talk about how your company can maintain full HIPAA compliance at all times.