Providers, health plans and their business associates reported 31 data breaches to HHS' Office for Civil Rights in February.
All in all, these breaches compromised data from more than 2 million people. That's up more than 500% from the 309,644 people affected by healthcare breaches reported in February 2018.
A breach at UW Medicine in Seattle accounted for nearly half of these individuals. On Feb. 20, the health system disclosed a website vulnerability that exposed protected health information from an estimated 974,000 patients. This marks the the largest breach reported yet this year.
Although UW Medicine reported the breach in February, the information security incident took place in December 2018. HHS gives HIPAA-covered entities 60 days from when they discover a breach to notify the department.
Nearly three-quarters of organizations that reported breaches in February attributed the incident to hacking or IT incidents. The remaining breaches were attributed to theft—such as theft of paper records, film or laptops—as well as unauthorized access or disclosure.
Overall, hacking and IT incidents were up roughly two-fold from February 2018. One of the 23 hacking incidents reported in February related to a foreign attack on an emergency medical services provider in North Carolina.
A hacker operating outside of the U.S. accessed a server that housed billing information related to EMS services provided by the state's Pasquotank County, according to a notice the Pasquotank-Camden Emergency Medical Services posted Feb. 28. The organization did not specify the country of origin or when the hack occurred.
Send us a letter
Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.
