My good friend Judy Greenwald reported at BusinessInsurance.com that “Hijacking and information technology incidents reported to the Department of Health and Human Services’ Office for Civil Rights among covered entities and business associates have increased by 843% between 2015 and last year.” The June 27, 2022 report entitled “Breaches among health care entities, associates soar: GAO” included these comments from U.S. Government Accountability Office:
The report said there were a total of 1,781 incidents during that period. According to the report, the OCR’s deputy director for health information privacy has said that covered entities and business associates reported email as a common attack vector among the breached.
A lack of multifactor authentication was a common factor among entities that experienced a breach, the director reported.
The GAO also reported that the number of incidents involving unauthorized access and disclosures increased 435% since 2015, to 926.
No surprise that cybercriminals want healthcare data!