July has not been a great month for the United States. Amid record economic contraction, infections, and deaths from the coronavirus, we also saw unusual responses by federal agents against their own citizens. What this post will cover, however, is another record trend we've spotted during the Age of the Coronavirus: data breaches in healthcare.
Email Breaches reach new HIPAA violation record
Organizations that fall under HIPAA regulation are required by law to report any data breach that affects 500 or more individuals. These breaches are listed on a site, otherwise known as the Wall of Shame, run by the U.S. Department of Health & Human Services (HHS). Since June 2017, we've analyzed and reported on those breaches on a monthly basis. We call it the Paubox HIPAA Breach Report and its premise is simple: take poorly formatted government data and make sense of it. In the case of the HHS Wall of Shame:
- It's hard to find online
- It's hard to parse and doesn't render correctly on a phone
- It does not retain data for more than two years
Now that the Paubox HIPAA Breach Report is over three years old, we've catalogued breach data that does not exist anywhere else online. As such, we can say with certainty that the HIPAA Breach Report for July 2020 contained two new records:
- Breaches in a single category. 29 Email breaches were reported, which was more than the other six categories (Desktop computer, Electronic Medical Record, Laptop, Network Server, Other, and Paper/Films) combined.
- Breach incidents. A record high of 50 breaches was reported. For context, that's more than double the previous month’s total of 23.
Spearphishing for a Cure
A likely driving force behind recent HIPAA breaches is described in a July article in the Wall Street Journal entitled, "Russian Hackers Blamed for Attacks on Coronavirus Vaccine-Related Targets." Here's the correlation between Russia's activities and email breaches in healthcare: "The Western allies’ report said the Russian group has shown some success gaining footholds in targeted computer networks by exploiting software vulnerabilities and using spearphishing attacks to compromise login credentials." Foreign governments using cyberattacks to gain a competitive advantage is not a new trend. What is new, however, is using them to gain the upper hand in the search for a vaccine for COVID-19. This is a new, unwelcome reality healthcare organizations now face in the Age of Coronavirus.