{"id":2783,"date":"2023-09-01T15:04:15","date_gmt":"2023-09-01T15:04:15","guid":{"rendered":"https:\/\/kleetos.com\/?p=2783"},"modified":"2025-07-07T07:39:56","modified_gmt":"2025-07-07T07:39:56","slug":"data-breaches-in-healthcare-2019-preliminary-report","status":"publish","type":"post","link":"https:\/\/brightsquid.com\/us\/data-breaches-in-healthcare-2019-preliminary-report\/","title":{"rendered":"Data Breaches in healthcare – 2019 preliminary report"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The most recent statistics around data breaches in healthcare are alarming.\u00a0Healthcare is the industry most often infected by ransomware<\/a>,\u00a0and experts predict an increase in cyber-attacks through 2019. The financial impact of recent attacks as well as the implications of suffering a data breach in healthcare are significant. Understanding them will help you know what you can do to protect your practice.<\/p>

Ransomware is a serious threat to business continuity.\u00a0<\/b><\/h5>

A\u00a02017 report<\/a>\u00a0showed that one-fifth of small businesses (22%) infected with ransomware were crippled to the point of ceasing operations. The same report indicated that 75% of small businesses saw ransomware as a priority but less than half of them felt prepared to deal with the threat on their own.\u00a0
Small business also bore the lion\u2019s share of attacks (71%)<\/a>, likely because large companies are investing heavily in security and compliance. Attackers are shifting their focus to the path of least resistance and recognizing the value of healthcare information that\u2019s often more easily acquired.<\/p>

Here\u2019s how healthcare data breaches happen<\/b><\/h5>

The\u00a02019 Data Breach Investigation Report from Verizon\u00a0<\/a>states that healthcare is the only industry in which internally initiated breaches outweigh breaches caused by outside actors. According to the report, 59% of breaches in healthcare began inside the organization while 42% were from external actions, 4% started with partners and 3% were the result of actions by multiple parties.\u00a0<\/p>

The Report identifies three predominant categories of healthcare data breaches, stating that Miscellaneous errors (26%), privilege misuse, and web applications represented 81% of incidents. Of the miscellaneous errors, misdirection (sending information to the wrong person or organization) is the most common.<\/p>

This data highlights a training issue. Staff must be aware of the implications of mishandling patient information and educated about the policies and procedures established to safeguard the personal data entrusted to your organization.\u00a0<\/p>

Data breach attack motivations and targets:<\/b><\/h5>

Patient records can be worth up to $150 on the black market so it\u2019s no surprise that the Version Report showed that 83% of the breach actor motives were financial. Paired with the fact that 56% of breaches were internally initiated, that means some of the internal attackers were looking to make money on the side from selling private health information. In fact, in June of 2019, Desjardins Insurance announced that an\u00a0employee improperly accessed and shared the information of 2.7 million individuals for profit<\/a>.\u00a0<\/p>

Other motivations for healthcare data breaches identified by the Report were: fun (6%), convenience or cutting corners (3%), grudge (3%), and espionage (2%).<\/p>

The data compromised in the breaches was primarily medical (72%), but also personal (34%), and login credentials (25%) which is concerning as attackers were clearly looking to gain access to further confidential information by impersonating healthcare professionals.<\/p>

The implications of a data breach in Healthcare:<\/b><\/h5>

The breach of a patient\u2019s health information can be very damaging. There are several categories of risk identified in privacy legislation that you need to assess in order to determine whether a breach must be reported.<\/p>

The\u00a0patient risks you need to assess<\/a>\u00a0can include bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, negative effects on the credit record and damage to or loss of property.<\/p>

The risks for your clinic are reputation damage, financial loss, professional sanctions, lawsuits, and even clinic closure.\u00a0<\/p>

What you can do to mitigate the risk of a data breach:<\/b><\/h5>

With so many breaches of health information happening due to error, it is imperative that you train clinicians and staff on a regular basis. Look for a training program that covers the relevant regulations and explains all responsibilities based on role. You\u2019ll also want to know that the privacy compliance training program you use is regularly updated.<\/p>

Assess the risk to the confidentiality of the patient information in your care by completing a Privacy Impact Assessment (PIA). A professionally prepared PIA will provide you with risk mitigation strategies around the collection, use, and disclosure of information as well as physical, technical and administrative safeguards that block privacy breaches in your clinic.\u00a0<\/p>

Implement an Information Manager Agreement (IMA) with any vendor that access the information in your care. The agreement should lay out their responsibilities for keeping information safe as well as hold them accountable for breaches that are their fault.<\/p>

Get professional privacy help:<\/b><\/h5>

Navigating the complex world of privacy compliance in healthcare is difficult. Especially when it is only one part of your responsibilities. Developing expertise in compliance comes with years of experience working with the regulations in different environments.\u00a0<\/p>

The Brightsquid privacy support team is made up of certified professionals who have worked with hundreds of clinics to establish and maintain privacy compliance. Contact us at\u00a0sales@brightsquid.com<\/a>\u00a0to learn how you can engage our team to protect your practice from patient data breaches.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

The most recent statistics around data breaches in healthcare are alarming.\u00a0Healthcare is the industry most often infected by ransomware,\u00a0and experts predict an […]<\/p>\n","protected":false},"author":4,"featured_media":3080,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2783","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-brightsquid-blog"],"yoast_head":"\nProtect Data with HIPAA Compliant Email | Brightsquid Blog<\/title>\n<meta name=\"description\" content=\"This report on data breaches in healthcare highlights the importance of using HIPAA Compliant email providers to prevent cyber attacks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/brightsquid.com\/data-breaches-in-healthcare-2019-preliminary-report\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Data Breaches in healthcare - 2019 preliminary report\" \/>\n<meta property=\"og:description\" content=\"This report on data breaches in healthcare highlights the importance of using HIPAA Compliant email providers to prevent cyber attacks.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/brightsquid.com\/data-breaches-in-healthcare-2019-preliminary-report\/\" \/>\n<meta property=\"og:site_name\" content=\"Brightsquid US | Simplify Clinic Operations, Prevent Privacy Breaches\" \/>\n<meta property=\"article:published_time\" content=\"2023-09-01T15:04:15+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-07T07:39:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2023\/09\/secure-clinic-messaging-data-breaches-in-healthcare-brightsquid-blog.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"812\" \/>\n\t<meta property=\"og:image:height\" content=\"372\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Rohit Joshi\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rohit Joshi\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/brightsquid.com\/us\/data-breaches-in-healthcare-2019-preliminary-report\/\",\"url\":\"https:\/\/brightsquid.com\/data-breaches-in-healthcare-2019-preliminary-report\/\",\"name\":\"Protect Data with HIPAA Compliant Email | Brightsquid Blog\",\"isPartOf\":{\"@id\":\"https:\/\/brightsquid.com\/us\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/brightsquid.com\/data-breaches-in-healthcare-2019-preliminary-report\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/brightsquid.com\/data-breaches-in-healthcare-2019-preliminary-report\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2023\/09\/secure-clinic-messaging-data-breaches-in-healthcare-brightsquid-blog.jpg\",\"datePublished\":\"2023-09-01T15:04:15+00:00\",\"dateModified\":\"2025-07-07T07:39:56+00:00\",\"author\":{\"@id\":\"https:\/\/brightsquid.com\/us\/#\/schema\/person\/fb0a2dd16ae73bc836a3b2244c80fdf7\"},\"description\":\"This report on data breaches in healthcare highlights the importance of using HIPAA Compliant email providers to prevent cyber attacks.\",\"breadcrumb\":{\"@id\":\"https:\/\/brightsquid.com\/data-breaches-in-healthcare-2019-preliminary-report\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/brightsquid.com\/data-breaches-in-healthcare-2019-preliminary-report\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/brightsquid.com\/data-breaches-in-healthcare-2019-preliminary-report\/#primaryimage\",\"url\":\"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2023\/09\/secure-clinic-messaging-data-breaches-in-healthcare-brightsquid-blog.jpg\",\"contentUrl\":\"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2023\/09\/secure-clinic-messaging-data-breaches-in-healthcare-brightsquid-blog.jpg\",\"width\":812,\"height\":372},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/brightsquid.com\/data-breaches-in-healthcare-2019-preliminary-report\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/brightsquid.com\/us\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Data Breaches in healthcare – 2019 preliminary report\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/brightsquid.com\/us\/#website\",\"url\":\"https:\/\/brightsquid.com\/us\/\",\"name\":\"Brightsquid US | Simplify Clinic Operations, Prevent Privacy Breaches\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/brightsquid.com\/us\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/brightsquid.com\/us\/#\/schema\/person\/fb0a2dd16ae73bc836a3b2244c80fdf7\",\"name\":\"Rohit Joshi\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/brightsquid.com\/us\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/09a002d3de9f2d7d29a43d94b2e49c2e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/09a002d3de9f2d7d29a43d94b2e49c2e?s=96&d=mm&r=g\",\"caption\":\"Rohit Joshi\"},\"description\":\"Rohit Joshi, MSc, JD, Co-founder and CEO of Brightsquid Secure Communications Corp., is actively involved in emerging healthcare technology trends. He has a diverse academic and professional background, spanning life sciences, law, fintech, and health technology, providing strategic guidance, compliance expertise, and operational know-how for public and private organizations across North America. As a motivating leader and speaker, Rohit stands as a champion for innovation and thoughtful solutions to the problems faced by modern healthcare systems.\",\"url\":\"https:\/\/brightsquid.com\/us\/author\/rohit\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Protect Data with HIPAA Compliant Email | Brightsquid Blog","description":"This report on data breaches in healthcare highlights the importance of using HIPAA Compliant email providers to prevent cyber attacks.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/brightsquid.com\/data-breaches-in-healthcare-2019-preliminary-report\/","og_locale":"en_US","og_type":"article","og_title":"Data Breaches in healthcare - 2019 preliminary report","og_description":"This report on data breaches in healthcare highlights the importance of using HIPAA Compliant email providers to prevent cyber attacks.","og_url":"https:\/\/brightsquid.com\/data-breaches-in-healthcare-2019-preliminary-report\/","og_site_name":"Brightsquid US | Simplify Clinic Operations, Prevent Privacy Breaches","article_published_time":"2023-09-01T15:04:15+00:00","article_modified_time":"2025-07-07T07:39:56+00:00","og_image":[{"width":812,"height":372,"url":"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2023\/09\/secure-clinic-messaging-data-breaches-in-healthcare-brightsquid-blog.jpg","type":"image\/jpeg"}],"author":"Rohit Joshi","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Rohit Joshi","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/brightsquid.com\/us\/data-breaches-in-healthcare-2019-preliminary-report\/","url":"https:\/\/brightsquid.com\/data-breaches-in-healthcare-2019-preliminary-report\/","name":"Protect Data with HIPAA Compliant Email | Brightsquid Blog","isPartOf":{"@id":"https:\/\/brightsquid.com\/us\/#website"},"primaryImageOfPage":{"@id":"https:\/\/brightsquid.com\/data-breaches-in-healthcare-2019-preliminary-report\/#primaryimage"},"image":{"@id":"https:\/\/brightsquid.com\/data-breaches-in-healthcare-2019-preliminary-report\/#primaryimage"},"thumbnailUrl":"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2023\/09\/secure-clinic-messaging-data-breaches-in-healthcare-brightsquid-blog.jpg","datePublished":"2023-09-01T15:04:15+00:00","dateModified":"2025-07-07T07:39:56+00:00","author":{"@id":"https:\/\/brightsquid.com\/us\/#\/schema\/person\/fb0a2dd16ae73bc836a3b2244c80fdf7"},"description":"This report on data breaches in healthcare highlights the importance of using HIPAA Compliant email providers to prevent cyber attacks.","breadcrumb":{"@id":"https:\/\/brightsquid.com\/data-breaches-in-healthcare-2019-preliminary-report\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/brightsquid.com\/data-breaches-in-healthcare-2019-preliminary-report\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/brightsquid.com\/data-breaches-in-healthcare-2019-preliminary-report\/#primaryimage","url":"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2023\/09\/secure-clinic-messaging-data-breaches-in-healthcare-brightsquid-blog.jpg","contentUrl":"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2023\/09\/secure-clinic-messaging-data-breaches-in-healthcare-brightsquid-blog.jpg","width":812,"height":372},{"@type":"BreadcrumbList","@id":"https:\/\/brightsquid.com\/data-breaches-in-healthcare-2019-preliminary-report\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/brightsquid.com\/us\/"},{"@type":"ListItem","position":2,"name":"Data Breaches in healthcare – 2019 preliminary report"}]},{"@type":"WebSite","@id":"https:\/\/brightsquid.com\/us\/#website","url":"https:\/\/brightsquid.com\/us\/","name":"Brightsquid US | Simplify Clinic Operations, Prevent Privacy Breaches","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/brightsquid.com\/us\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/brightsquid.com\/us\/#\/schema\/person\/fb0a2dd16ae73bc836a3b2244c80fdf7","name":"Rohit Joshi","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/brightsquid.com\/us\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/09a002d3de9f2d7d29a43d94b2e49c2e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/09a002d3de9f2d7d29a43d94b2e49c2e?s=96&d=mm&r=g","caption":"Rohit Joshi"},"description":"Rohit Joshi, MSc, JD, Co-founder and CEO of Brightsquid Secure Communications Corp., is actively involved in emerging healthcare technology trends. He has a diverse academic and professional background, spanning life sciences, law, fintech, and health technology, providing strategic guidance, compliance expertise, and operational know-how for public and private organizations across North America. As a motivating leader and speaker, Rohit stands as a champion for innovation and thoughtful solutions to the problems faced by modern healthcare systems.","url":"https:\/\/brightsquid.com\/us\/author\/rohit\/"}]}},"_links":{"self":[{"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/posts\/2783"}],"collection":[{"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/comments?post=2783"}],"version-history":[{"count":8,"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/posts\/2783\/revisions"}],"predecessor-version":[{"id":3087,"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/posts\/2783\/revisions\/3087"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/media\/3080"}],"wp:attachment":[{"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/media?parent=2783"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/categories?post=2783"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/tags?post=2783"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}