1 min read

HIPAA data breaches also surge during age of Coronavirus

Picture of Hoala Greevy Hoala Greevy July 31, 2020

Healthcare cybersecurity news
Hockey player with upward trending graph lines overlay

July has not been a great month for the United States. Amid record economic contraction, infections, and deaths from the coronavirus, we also saw unusual responses by federal agents against their own citizens. What this post will cover however, is another new record trend we've spotted during the Age of the Coronavirus: Data breaches in healthcare.

 

Email Breaches reach new HIPAA violation record

Bar chart showing HIPAA breaches by attack vector in July 2020, with email accounting for 29 breaches, network server for 8, and others ranging from 1–5

Organizations that fall under HIPAA regulation are required by law to report any data breaches that affect 500 or more individuals. These breaches are stored on a site run by the U.S. Department of Health & Human Services (HHS), which is otherwise known as the Wall of Shame. Since June 2017, we've analyzed and reported on those breaches on a monthly basis. We call it the Paubox HIPAA Breach Report and its premise is simple: Take poorly formatted government data and make sense of it. In the case of the HHS Wall of Shame:

  • It's hard to find online
  • It's hard to parse and doesn't render correctly on a phone
  • It does not retain data for more than two years

 

Now that the Paubox HIPAA Breach Report is over three years old, we've catalogued breach data that does not exist anywhere else online. As such, we can say with certainty that the HIPAA Breach Report for July 2020 contained two new plateaus:

  • Breaches in a single category. 29 Email breaches were reported, which was more than the other six categories (Desktop computer, Electronic Medical Record, Laptop, Network Server, Other, and Paper/Films) combined.
  • Breach incidents. A record high 50 breaches were reported. As context, that's more than double from the previous month’s total of 23.

 

Spearphishing for a Cure

A driving force behind recent HIPAA breaches is likely accounted for by a July article in the Wall Street Journal entitled, "Russian Hackers Blamed for Attacks on Coronavirus Vaccine-Related Targets." Here's the correlation between Russia's activities and email breaches in healthcare: "The Western allies’ report said the Russian group has shown some success gaining footholds in targeted computer networks by exploiting software vulnerabilities and using spearphishing attacks to compromise login credentials." Foreign governments using cyberattacks to gain a competitive advantage is not a new trend. What is new however, is using them to gain an upper-hand in the search for a vaccine for COVID-19. This is a new unwelcome reality healthcare organizations now face in the Age of Coronavirus.

Further Reading: HIPAA Compliant Email: The Definitive Guide

 
Try Paubox Email Suite for FREE today.
Start for free
Secure every email you send and receive HIPAA compliant. Threat-proof. Hassle-free.
Paubox HIPAA Breach Report graphic

HIPAA Breach Report for January 2020

Picture of Hoala Greevy Hoala Greevy : January 13, 2020

The Paubox HIPAA Breach Report analyzes protected health information (PHI) breaches affecting 500 or more people as reported to the Department of...

HIPAA Breach Reports
Read More
Paubox HIPAA Breach Report logo

2019 HIPAA Breach Report: A year in review

Picture of Hoala Greevy Hoala Greevy : February 9, 2020

The Paubox HIPAA Breach Report for 2019 analyzed an entire year's worth of HIPAA breach reporting by the U.S. Department of Health & Human Services (

Healthcare cybersecurity news
Read More
HHS Breach Portal showing breaches currently under investigation by the Office for Civil Rights

What is HHS’ Wall of Shame?

Picture of Kapua Iao Kapua Iao : February 26, 2021

HIPAA compliance
Read More

Subscribe to Paubox Weekly

Every Friday we bring you the most important news from Paubox. Our aim is to make you smarter, faster.