2018 Third-Party Healthcare Data Breaches – Update

Business Associate Healthcare Data Breaches

In “Episode 63: Know The Rules!”, I reported what I thought were all of the healthcare data breaches reported on the Health & Human Services (HHS) Office of Civil Rights (OCR) Breach Portal website by Business Associates (BAs) in 2018.

This is what I reported last week:

The year 2018 was very bad for healthcare data breaches reported by BAs. Between January – December 2018, there were 39 different BA healthcare breaches added to the OCR ‘Wall of Shame’, potentially compromising the health information of 5,487,456 individuals.

Seems I was wrong! Why is this and how did it happen? On January 9, 2019, after a quick review of the Breach Protocol website, I noticed a new breach affecting a health plan. Nothing new, but I knew this breach was a phishing attack on their BAs.

In last week’s episode, I only reported the breaches identified as “Business Associate” under the Covered Entity Type report column. However, there were many more breaches hiding in the wings.

This caused me to dig deeper into the report, and this is what I found:

An Even Worse Year for Business Associates and Their Clients

It turns out, 2018, was worse than I thought! During 2018, there were a total of 74 different healthcare breaches on the wall. Here are the numbers:

  • Unauthorized Access/Disclosure = 34
  • Hacking/IT Incident = 33
  • Loss = 5
  • Theft = 2

That’s 71 new Business Associate breaches added to the ‘Wall of Shame’ and who now could have OCR in their business affairs – this is NOT a place you EVER want YOUR business to be in. But wait, didn’t I just tell you there were 74 different BA healthcare breaches?

Clearly, you were paying attention; that is because 3 different organizations had already made the list in 2018!!

Remember: Keeping your PHI secured and maintaining HIPAA compliance is YOUR responsibility!

Covered Entities and Business Associates need to understand your patients are entrusting YOU with their most private and intimate details, they expect it to remain secure.

Besides, it is YOUR practice, YOUR patients, YOUR reputation and YOUR legacy! Why are you leaving yourself wide open to such risks?

2018 Business Associate Healthcare Data Breach Report Request




Request your copy today of the ‘2018 Business Associate Healthcare Data Breach Report’ and find out who made the list.