July has not been a great month for the United States. Amid record economic contraction, infections, and deaths from the coronavirus, we also saw unusual responses by federal agents against their own citizens. What this post will cover however, is another new record trend we've spotted during the Age of the Coronavirus: Data breaches in healthcare.
Organizations that fall under HIPAA regulation are required by law to report any data breaches that affect 500 or more individuals. These breaches are stored on a site run by the U.S. Department of Health & Human Services (HHS), which is otherwise known as the Wall of Shame. Since June 2017, we've analyzed and reported on those breaches on a monthly basis. We call it the Paubox HIPAA Breach Report and its premise is simple: Take poorly formatted government data and make sense of it. In the case of the HHS Wall of Shame:
Now that the Paubox HIPAA Breach Report is over three years old, we've catalogued breach data that does not exist anywhere else online. As such, we can say with certainty that the HIPAA Breach Report for July 2020 contained two new plateaus:
A driving force behind recent HIPAA breaches is likely accounted for by a July article in the Wall Street Journal entitled, "Russian Hackers Blamed for Attacks on Coronavirus Vaccine-Related Targets." Here's the correlation between Russia's activities and email breaches in healthcare: "The Western allies’ report said the Russian group has shown some success gaining footholds in targeted computer networks by exploiting software vulnerabilities and using spearphishing attacks to compromise login credentials." Foreign governments using cyberattacks to gain a competitive advantage is not a new trend. What is new however, is using them to gain an upper-hand in the search for a vaccine for COVID-19. This is a new unwelcome reality healthcare organizations now face in the Age of Coronavirus.
Further Reading: HIPAA Compliant Email: The Definitive Guide