June 2022 Healthcare Breach Report

Each month, we review healthcare breaches to determine the leading cause and how the incidents could have been prevented. We do so by examining the Office for Civil Rights (OCR) online breach portal. The OCR publicly posts healthcare breaches that affected 500 or more patients to ensure that all affected patients know their information may have been compromised.

June was another prolific month for healthcare data breaches. Covered entities and business associates reported breaches affecting 5,843,989 records containing protected health information (PHI). 

In June 2022, 67 large-scale breaches were reported. Most of them affected healthcare providers, which accounted for 54 incidents. These 54 incidents compromised the PHI of 4,758,130 individuals, representing 81.4% of patients affected by the June incidents.

Business associates reported nine additional incidents, accounting for close to one-fifth of all records breached. Business associate incidents affected 1,973,104 patients, representing 18.4% of patients affected. 

Four health plans also reported incidents affecting 11,955 patients and representing 0.2% of affected patients. 

In June, 54 breaches resulted from hacking incidents. There were six breaches caused by unauthorized access or disclosure of PHI, four incidents involving theft, two caused by improper disposal, and one as the result of loss of PHI.

June 2022 Healthcare Breaches and Hacking

Cybercriminals are still busy as hacking continued its streak at the top of the list of causes of healthcare breaches in June 2022. The 54 hacking incidents reported in June affected the PHI of 5,770,855 patients. These 54 incidents represented 98.7% of the breached records reported during the month.

Entities affected by hacking:

  • 44 healthcare providers, 4,696,071 patients, 81.4% of patients affected by hacking
  • 9 business associates, 1,073,904 patients, 18.6% of patients affected by hacking
  • 1 health plan, 880 patients, less than 0.02% of patients affected by hacking

Types of hacking incidents:

  • 28 network server hacks, 3,686,2839 patients, 89.9% of patients affected by hacking
  • 8 email hacks, 111,9849 patients, 2.0% of patients affected by hacking
  • 13 electronic medical records, 512,25485 patients, 9.2% of patients affected by hacking
  • 1 desktop computer/EMR/network server hack, 8,000 patients, 0.1% of patients affected by hacking
  • 1 other causes hack, 1,290,104 patients, 23.0% of patients affected by hacking

How to Prevent Hacking Incidents

Because hacking incidents have been the leading cause of healthcare breaches for several years, minimizing your risk of being targeted is crucial.

Security Risk Assessments and Remediation

Security risk assessments (SRAs) are vital for security and compliance. An SRA aims to identify weaknesses and vulnerabilities in your security practices to prepare yourself against potential threats. Once SRAs have been conducted, it is essential to create remediation plans to address any identified deficiencies.

Employee Cybersecurity Training

A significant portion of hacking incidents results from phishing emails. This is why employee cybersecurity training is essential to your organization’s overall security posture. Employees should be trained on recognizing phishing attempts and what to do if they suspect an incident has occurred.

June 2022 Healthcare Breaches and Unauthorized Access or Disclosure

Incidents of unauthorized access or disclosures of PHI can occur in two ways – an authorized employee accesses PHI inappropriately, or an unauthorized party gains access to PHI. In June 2022, six incidents of unauthorized access or disclosure of PHI were reported. These incidents affected 59,224 patients, representing 1.0% of the breached records reported in June.

Entities affected by unauthorized access or disclosure:

  • 4 healthcare providers, 48,944 patients, 17.4% of patients affected by unauthorized access or disclosure
  • 2 health plans, 10,280 patients, 82.6% of patients affected by unauthorized access or disclosure

Types of unauthorized access or disclosure:

  • 1 paper/films incident, 874 patients, 1.4% of patients affected by unauthorized access or disclosure
  • 3 other cause incidents, 47,007 patients, 79.4% of patients affected by unauthorized access or disclosure
  • 1 email incident, 1,574 patients, 2.7% of patients affected by unauthorized access or disclosure
  • 1 network server incident, 9,766 patients, 16.5% of patients affected by unauthorized access or disclosure

How to Prevent Unauthorized Access or Disclosure

As we mentioned, there are two ways in which unauthorized access or disclosures occur – inappropriate employee access or unauthorized access by another entity.

Policies and Procedures and Employee Training

HIPAA policies and procedures are essential to HIPAA compliance as they guide employees on what is appropriate. HIPAA requires employee use and disclosure of PHI to be limited to the minimum necessary to perform their job functions. Your policies and procedures should dictate this, and employees should be trained on the policies and procedures to be aware of their obligations. 

User Authentication, Access Controls, and Audit Controls

To ensure adherence to the minimum necessary standard, you must implement user authentication, access controls, and audit controls. User authentication provides unique login credentials for each employee, while access controls enable administrators to designate different PHI access levels using those unique login credentials. Also, based on the implementation of unique login credentials, audit controls track access to data to ensure that PHI is accessed appropriately by each employee.

June 2022 Healthcare Breaches and Other Causes

In June 2022, other types of breaches were reported to OCR that affected a total of 13,910 individuals, representing 0.2% of the breached records reported in June.

  • 4 healthcare providers reported thefts of laptops and other media, 11,389 patients, 81.9% of the total patients affected by other causes
  • 1 health plan reported the loss of paper/film, 795 patients, 5.7% of the total patients affected by other causes
  • 2 healthcare providers reported improper disposal of paper/films, 1,726 patients, 12.4% of the total patients affected by other causes
