As more and more businesses require customers to submit sensitive personally identifiable information (PII) to provide goods or services – such as Social Security numbers, and birth dates – people are forced to trust that these companies will safely store their data. Unfortunately, that is not always the case.
There were 2,216 confirmed data breaches worldwide in 2017 alone. Data breaches affect companies of all sizes, with 58 percent of targets categorized as small businesses across a range of industries, including health care, education, and financial services.
While data breaches that dominate the news tend to involve the massive corporations and tens of millions of victims, a smaller data breach of a local business that affects people in a limited geographic area is more likely to come across the desk of most attorneys. Three types of data breaches frequently occur in local communities: phishing emails to office staff, employees improperly accessing medical records, or hackers deploying ransomware. Although these data breaches may be “small” in scale, the impact on victims and local communities can be devastating.
Big data breaches grab headlines, but smaller-scale, localized ones occur frequently and have the same impact on consumers. Learn about the features of these breaches and how to handle them in the below article published by the American Association for Justice and written by Faraci Lange partner Hadley Matarazzo and Cohen & Malad attorney Lynn A. Toops.
The top ten data breaches within the healthcare industry in 2016 were caused primarily by cybersecurity attacks such as ransomware and unauthorized access.
In 2016, approximately 300 data breach incidents were reported to the Office for Civil Rights, among which 95 were caused by an IT-related or hacking occurrence and 125 stemmed from unauthorized access or disclosure. Theft of devices or records caused 58 of the reported breaches, while 16 were accredited to loss and seven to improper disposal.
HealthITSecurity‘s published their annual countdown of 2016’s top ten data breaches in the healthcare industry:
10. Premier Healthcare, LLC
9. Central Ohio Urology Group, Inc.
8. California Correctional Health Care Services
7. Radiology Regional Center, PA
6. Peachtree Orthopaedic Clinic
5. Bon Secours Health System Incorporated
4. Valley Anesthesiology and Pain Consultants
3. 21st Century Oncology
2. Newkirk Products, Inc.
1. Banner Health
One of the largest healthcare data breaches of 2015 was the Excellus data breach, which compromised the personal health information of over 10 million people.
An Excellus class action lawsuit, which was co-lead by Faraci Lange’s Hadley Matarazzo, alleged that the company failed to protect customer information, waited too long to tell customers about the breach and did not give customers adequate information about how to protect themselves in the wake of the breach.
Learn more about the Excellus data breach lawsuit here.
If you believe you are eligible for a consumer protection claim, please call or text us at (888) 325-5150 or fill out a contact form for a free legal consultation.
There have been several widespread data breaches in the healthcare industry in recent times that have put the personal information of patients, employees and providers at risk.
According to Aaron Miri, CIO at Imprivata, there is a need for increased healthcare industry standards and regulations to govern electronic health information more effectively.
The Banner Health data breach has been the largest health cyberattack in recent months.
“The Banner Health breach is a lesson for other healthcare organizations to ensure that they are constantly reviewing where their valuable data is being stored,” explained Bill Kleyman, an expert on data security.
The Arizona -based facility, Valley Anesthesiology and Pain Consultants, reported earlier this week that one if its computer systems was accessed by an unauthorized user resulting in the potential exposure of almost 9,000 patients’ information.
User access needs to also be carefully monitored and organizations need to understand who is accessing data, when, and where.
“As a hospital CIO for a number of years, my biggest struggle was not understanding who was accessing what data and where,” Miri stated. “And so being able to put in the tools to do that was really a huge key.”
As medical record values continue to rise on the black market, these kinds of cyberattacks on health care facilities are not likely to slow down.
Read the full article here.