Paubox blog: HIPAA compliant email made easy

Find out if you live in one of the top ten states for healthcare data breaches

Written by Kapua Iao | September 27, 2022

Electronic medical records (EMRs) are under constant threat of data breaches in the healthcare industry. Reports and analyses show that this isn’t going to change any time soon, especially when dealing with protected health information (PHI), the rich, sensitive data within medical records.

SEE ALSO: More than 1M patient records breached in the last 30 days

 

Top 10 states with breached medical records

Comparitech released its most recent report analyzing U.S. data breaches from 2009 to June 2022. From this data, Becker’s Hospital Review chronicled the top 10 states where hackers are most likely to breach medical records.

| State | Number of records |
|---|---|
| Indiana | 1.28 million |
| Minnesota | 235,259 |
| Washington | 210,632 |
| Tennessee | 210,371 |
| Iowa | 175,848 |
| Montana | 149,142 |
| North Carolina | 137,333 |
| New York | 126,355 |
| New Mexico | 122,523 |
| Virginia | 121,291 |

 

SEE ALSO: Anthem settles with 44 states for additional $40M over 2015 breach

Breaches can cause major damage to healthcare organizations, including downtime, high costs, lawsuits, and possibly even deaths. We saw this with the Anthem breach, which compromised 80 million of its customers and employees. Knowing and following HIPAA is important to avoiding breaches in the first place.

 

Strong cyber protection and HIPAA compliant email need to be standard in healthcare

The warnings from Comparitech’s report and Becker’s list are two-fold. First, they advise patients, doctors, and organizations that they should be cautious with healthcare in certain states. And second, they emphasize the importance of strong cyber protections. Healthcare organizations must employ robust cybersecurity features such as HIPAA compliant email before they become a statistic.

 

Medical records and data breaches

EMRs date to the first efforts to digitize paper records such as vaccination logs, medical charts, and other printed documents. A shift to EMRs brought many benefits to both healthcare providers and patients. Electronic records provide crucial health data to patients and doctors alike and help healthcare organizations deliver strong patient care. Moreover, they improve continuity and flexibility of care, as electronic records are generally available at any time, any place.

SEE ALSO: The healthcare digital transformation

Unfortunately, and inevitably, an increased focus on technology also brought problems. The main one: continuous cyberattacks used to steal or encrypt PHI. Hackers want PHI to demand ransoms, steal bank account information, make fake passports, and much more.

In 2021, data breaches exposed 45.67 million records, the largest annual total since 2015. And according to data analyzed from the Office for Civil Rights (OCR) Breach Portal, more than 19 million records were compromised in the first half of 2022.

RELATED: What is HHS’ Wall of Shame?

In its survey, Comparitech estimates that since 2009, healthcare breaches affected 342 million medical records.

 

Six key findings about healthcare data breaches

The Comparitech team researched data from 2009 to 2022 (13 years) using breaches reported to the OCR portal. The portal includes all reported covered entity and business associate breaches from the last 24 months. These are breaches that affected 500 individuals or more.

SEE ALSO: Biggest healthcare data breaches reported this year, so far

The goal of Comparitech’s analysis is to uncover which states suffered the most data breaches and to figure out the biggest causes of some of the breaches. There were several key findings:

  1. 4,746 medical breaches occurred
  2. The breaches affected 342,017,215 individual records
  3. 2020 was the biggest year for medical breaches—803 reported
  4. 2015 saw the highest number of records affected—over 112 million in total
  5. In 2021 and 2022, specialist clinics account for the most data breaches (15%), but hospital networks account for the most breached records (8.8 million or 16%)
  6. In 2021 and 2022 (through June), hacking was the most common type of breach (353 out of 862 breaches or 40%)

Comparitech included a state-by-state breakdown of healthcare data breaches, presenting a map as well as a comprehensive list.

HIPAA rules are in place so that this does not happen to you

HIPAA (the 1996 Health Insurance Portability and Accountability Act) is U.S. legislation that protects the rights and privacy of patients. It was designed in large part to keep patients’ PHI and medical records private.

The HIPAA rules discussed most often are the Privacy Rule and Security Rule. Together, they provide essential guidelines for the proper protection and disclosure of PHI. When it comes to technology, the HITECH Act promotes the adoption and meaningful use of electronic records. And this also means strong cybersecurity measures.

RELATED: HHS requests comments on HIPAA HITECH Act as cyber threats increase

A HIPAA compliant healthcare organization fulfills HIPAA’s requirements. If OCR finds an organization noncompliant and/or unable to verify due diligence, it will probably financially penalize the organization.

Such fines run from $100 to $1.5 million per violation along with potential jail time. Anthem paid $16 million to OCR along with over $100 million in lawsuit settlements. Avoiding a HIPAA violation and related breach costs is possible by understanding and following HIPAA and its rules. That means ensuring strong cyber protections.

 

Don’t let a breach destroy you: keep your email HIPAA compliant

The only way to ensure healthcare organizations don’t become a statistic is to use a combination of solid cybersecurity methods. This might include up-to-date employee awareness training, perimeter defenses, data encryption, and access controls. Most importantly, it includes email security (i.e., HIPAA compliant email) such as Paubox Email Suite.

RELATED: Today’s essential email security to avoid healthcare breaches

Our HITRUST CSF certified solution sends HIPAA compliant email by default and automatically encrypts every outbound message. It can conveniently integrate with your current platform, such as Google Workspace or Microsoft 365. Patients can receive emails directly to their inbox without navigating separate portals or passwords.

And even better are our inbox protections. Paubox Email Suite impedes such techniques as spoofing with ExecProtect. It can also keep malware and phishing emails at bay with Zero Trust Email. PHI stays contained, and email, known as the worst threat vector, remains secure.

Comparitech’s statistics may seem daunting, but rather than see them as inevitable, ensure you and your patients always remain protected. Ensure secure cyber protections and safeguard medical records properly so that they can benefit rather than impede patient care.

 
