More Privacy Breaches in Healthcare from Provider Leaks than Hackers
A study from Michigan State University published in the Journal of the American Medical Association (JAMA) Internal Medicine revealed that more than half of the recent personal health information (PHI) data breaches resulted from internal issues at medical providers rather than from hackers or external parties.
Cybersecurity has been a focus of much of the concern over protecting personal data prior to 2018, but it has become clear in 2018 that additional attention to internal risks is warranted.
The research reviewed a joint 2017 study on nearly 1,800 occurrences of large data breaches in patient information over seven years. These data breaches are reported to the Department of Health and Human Services and are classified into six categories. The JAMA Internal Medicine paper reviewed nearly 1,150 cases between October 2009 and December 2017 that involved more than 164 million patients.
Of the breaches, 53% were the result of internal factors in healthcare entities. Unauthorized access or disclosure was involved in one quarter of all of the breach cases, more than twice the number caused by external hackers. The privacy leaks involved employees forwarding to personal accounts, taking PHI home, emailing the wrong recipients, or sharing unencrypted content, among other things.
Cambridge Analytica has been the most prominent example of a privacy leak disclosed in 2018. As a result, much of the attention has been on Facebook. But that does not mean that privacy leaks are not happening at other businesses. The study author said, “Hospitals, doctors’ offices, insurance companies, small physician offices and even pharmacies are making these kinds of errors and putting patients at risk.”
Other businesses also need to be reviewing their collection, processing and sharing of personal information to make sure that they are not leaking it as well.