Healthcare organizations saw 37 breach incidents in October, consistent with 2017's one breach-per-day rate, compromising more than 246,246 patient records, according to the Protenus Breach Barometer report.
Each month, cybersecurity firm Protenus analyzes healthcare breaches reported to HHS or disclosed to the media. Although there were 37 incidents reported in October, Protenus had data for 29 incidents.
Here are seven things to know.
1. October marked a significant drop in the number of breached records compared to previous months — like September (499,144), August (673,934) and July (575,142).
2. The single largest incident compromised 150,000 patient records, although that number is based on an estimate, and an investigation into the incident is ongoing.
3. Eleven incidents were the result of insider error, breaching a total of 157,737 records. However, six incidents were the result of insider wrongdoing.
4. There were four incidents of physical theft, affecting 16,533 records and two incidents of records being lost or went missing, affecting a total of 3,994 records. Four incidents involved third-party associates.
5. Of the 37 incidents, 29 were reported by healthcare providers, seven by health plans and one by a school.
6. It took an average of 448 days for a healthcare organization to discover a data breach in October, with one organization taking nearly three years to discover it had been breached.
7. It took an average of 175 days from when an incident was discovered to when it was disclosed to HHS or the media, although most organizations reported within the mandatory 60-day window.
Click here to read the full report.
More articles on cybersecurity:
5 most interesting health IT partnerships this week
What are the pros and cons of letting patients edit their medical notes?
US investments in medical and health research grew 20.6% from 2013 to 2016: 5 things to know