Breaches Affected 390,000 Patients - Avoid Penalties by Ensuring HIPAA Compliance

Learn how healthcare organizations can prevent penalties and reduce the administrative burden by streamlining HIPAA compliance.

By Salman Rashid | Published 4 years ago | 3 min read

The whole world is collectively facing what is probably its biggest crisis in decades. The coronavirus pandemic is raging across the world, and as of this moment, it has infected almost 6 million people globally. The whole world is abandoned, the brightest minds are clueless, and scientists are racing against time to find a viable cure for this deadly virus.

Data breaches are still happening

However, even a world in chaos did not stop data breaches from occurring. This March, hospitals, insurance companies, and business associates reported 30 data breach incidents to the government, affecting almost 390,000 patients.

Numbers have decreased

If something positive can be said about the data breaches this March, it is that the number of patients affected is 60% lower than in the breaches that occurred during March of 2019. Last year, the month of March saw 35 healthcare data breaches, which affected around 972,000 individuals. This is according to data from the Office for Civil Rights.

However, back in February, the number was significantly higher: healthcare organizations and business associates reported 43 data breaches, which affected the data of a whopping 1.6 million patients!

The biggest data breach in March

One data breach single-handedly affected over 100,000 patients. The breach took place at Tandem Diabetes Care, a medical device manufacturer based in San Diego. However, they did report it to the Office for Civil Rights.

The Californian manufacturer detected that an unauthorized user probably gained access to a number of employees’ email accounts back in January. According to the organization, this happened because of phishing, a preferred tool of hackers.

Phishing occurs when hackers send malware or assume the identity of an individual or entity the targets trust, such as their employer, to trick them into sharing information that gives the hackers access to their accounts.

The aftermath of the breach

After a thorough inspection of the incident, Tandem Diabetes Care reported the data breach to the Office for Civil Rights on 17th March. The affected email accounts contained sensitive patient information such as names, diabetes therapy data, and, for some unfortunate patients, Social Security Numbers. The Department of Health & Human Services (HHS) gives covered entities that fall under HIPAA (Health Insurance Portability and Accountability Act), such as health plans, healthcare clearinghouses, and certain healthcare providers, 60 days from the detection of such incidents to report them.

All in all, Tandem Diabetes Care announced that the data breach impacted over 140,000 patients, leaving their sensitive and private health data compromised. This number is over one-third of the number of affected patients this March, according to the data breaches reported to the Office for Civil Rights.

Most of the data breaches reported in March were caused by either hacking or IT-related incidents. The rest were caused by unauthorized access, unauthorized disclosure, loss, or theft.

Ensuring HIPAA compliance can be cumbersome

While Tandem Diabetes Care is ensuring HIPAA compliance, most organizations struggle to do so. HIPAA compliance is a lengthy and hectic process for any organization that falls under its jurisdiction. There are numerous rules and regulations to follow and maintain, and any violations are met with severe penalties from the authorized bodies. This applies not only to covered entities but to business associates as well. Thus, ensuring HIPAA compliance is a must to avoid penalties and ensure smooth operations.

However, no matter how big the organization is, HIPAA compliance management is tedious. This is where HIPAA Ready comes into play. It is HIPAA compliance software that gives organizations peace of mind: it lets them update the latest HIPAA policies and procedures, schedule HIPAA-related training, report incidents, and create digital checklists for simplifying HIPAA compliance. All the HIPAA documentation can be saved centrally within the application and can be accessed by authorized parties to improve coordination and simplify HIPAA compliance.
