Atrium Health, previously Carolinas HealthCare System, said today that data of about 2.65 million patients including addresses, dates of birth and social security numbers may have been compromised in a breach at its third-party provider AccuDoc Solutions.
Atrium, which provides healthcare and wellness programs throughout the Southeast region in the United States, said a review revealed an unauthorized access to AccuDoc’s databases between Sept. 22 and Sept. 29.
Pravin Kothari, CEO at CipherCloud:
“Just when we thought things might be improving in healthcare data security, the Atrium Health Breach repositions 2018 as a record year for healthcare cyber attackers. In the first half of 2017, approximately 1.6m+ healthcare records were reported as breached. In the second half of 2017 this number increased slightly to 1.7m+ healthcare records for a grand total in 2017 of about 3.4 million records. In the first half of 2018, we noted roughly 1.9+ million healthcare records breached.
Now, with the Atrium Health breach the ball for the 2nd half of 2018 threatens to set a new half record with over 2.65 million patient records in just one reported event. The moral of the story? Healthcare security, both on-premise and in the cloud, has not caught up with best practices and likely won’t do so anytime soon.
Note that CipherCloud lab analysis is based upon our sources of data which reflect large breaches in the U.S. impacting over 500 patients. This data, in great part, is derived from data which must be reported to the U.S. HHS OCR in the event of a healthcare data breach. HHS OCR administers Health Insurance Portability and Accountability (HIPAA) compliance, which can levy very substantial fines in the event that electronic personal health information (ePHI) has not been protected adequately.“
George Wrenn, CEO and Founder at CyberSaint Security:
“Naturally, scaling a business includes partnerships. It’s a matter of how to manage the risks that come with a rapidly growing vendor list. Seventy-five percent of mid-sized companies and enterprises expect their vendor list to grow by at least 20% this coming year and beyond. Third party risk management isn’t just a security problem anymore- these issues are making their way up to the Board because higher levels of risk deter business success and growth.
If nothing else, unknown risks within a supply chain can fuel fear around expansion. According to Gartner, 75% of the Fortune 500 will treat Vendor Risk Management as a board-level issue by 2020, driven by uncertainty and the pressing need to manage risk.
Every stakeholder should have easily accessible visibilityinto where risks lie within any given vendor list, and should be able to have the insights from that information to take meaningful action. There needs to be a better way to manage the growing risk that comes with expanding businesses.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.