Data Breaches & the Healthcare Industryby: Glenn Landry, EVP Operations

Having trouble viewing this email? Click here

FEBRUARY 2016

General Liability

Newsletter

Data breaches continue to be on the forefront of risk awareness in the healthcare community.The cyberattack on Indianapolis­based Anthem, reported in February 2015, was the biggesthealthcare data breach to date, affecting 78.8 million individuals. The information servicesgroup Experian reports the number of data breaches it has serviced has increased between 15and 18 percent each year over the last three years. 46 percent of incidences Experian hasserviced are in the healthcare industry.

In addition to notifying the affected individuals, covered entities (such as hospitals, medicalclinics and pharmacies) that experience a breach affecting more than 500 residents of a stateor jurisdiction are required to provide notice to prominent media outlets serving the state orjurisdiction where the breached occurred, in addition to notifying the affected individuals.

The healthcare industry suffered its worst year to date for data breaches in 2015. According tothe Office of Civil Rights, in 2015 healthcare breaches affecting 500 or more individuals totaled253 with a combined loss of over 112 million records. The top 10 healthcare data breaches in2015 accounted for more than 111 million records that were lost, stolen or inappropriatelydisclosed; thirteen reported 2015 healthcare breaches affecting 500 or individuals in Louisianaput 115,201 individuals at risk.

One of the Trending­Now articles below reports nine healthcare data breaches have beenreported in the USA in the past three weeks.

Financial data has a finite lifespan because it becomes worthless the second the customerdetects the fraud and cancels the card or account. Information contained in healthcare recordshowever, has a much longer "shelf life" for identity theft. Social Security numbers can't easilybe cancelled and medical and prescription records are permanent. There is also a large

market for health insurance fraud and abuse, which may be more lucrative than simply sellingthe records outright in forums.

Healthcare data continues to be extremely valuable to cyber­criminals. In the wrong hands, itcan provide access to medical treatment or prescription medications that can be resold to thirdparties. It also includes valuable information like social security numbers that can be used foridentity theft and fraud. The FBI recently said that criminals can sell health care information foras much as $50 a record.

The healthcare industry should be prepared for more large scale attacks in 2016 and possiblechanges to the way the government approaches breaches.

TRENDING NOW

Ten Latest Data Breaches

The following data breaches have been reported to Becker's Hospital Review inthe past three weeks. These include breaches include a physician's officewhere paper patient charts of 1,300 patients were stolen from the office to sixmissing hard drives with protected health information of approximately 950,000individuals...read more

Source: Becker's Health IT and CIO Review

Data Breaches in 2016: What Can We Expect?

The threat of data breaches isn't going away, and the threat landscape isconstantly evolving, influenced by social, political and industry­specific factors.2015 had several significant data breaches, both within healthcare and in otherindustries...read more

Source: Becker's Health IT and CIO Review

Data Breaches in Healthcare Totaled Over 112 Million Records in 2015

Healthcare's "wall of shame" for 2015 officially ends on December 31, 2015. Itwasn't really a "wall," it's just a website, but it's the online mechanism for theOffice of Civil Rights under Health and Human Services to publish databreaches as reported to them and required by HIPAA...read more

Source: Forbes Business ­ Healthcare

PCI DSS Quick Reference Guide: Protecting Cardholder Data with PCI SecurityStandards

The intent of this PCI DSS Quick Reference Guide is to help you understandthe PCI DSS and to apply it to your payment card transaction cardenvironment. PCI DSS follows common sense steps that mirror best securitypractices. The DSS globally applies to all entities that store, process ortransmit cardholder data...read more

Source: PCI Security Standards

Epic Has The Youngest Physician User Base: What Does This Mean for the Future ofEHR Vendors? 10 Takeaways

Looking at the demographics of a vendor's client base can provide insight intothe EHR market share, potentially even hint at whcih vendors are positioned forcontinued growth. A new research report combines data on physician EHRusers and their demographic to estimate the average age of the client base for10 of the largest EHR vendors...read more

Source: Becker's Health IT and CIO Review

FEATURED SAFETY TRAINING VIDEOThe HIPAA Rule Healthcare Privacy, Security and Enforcement (17 minutes)

As healthcare continues to adopt technology to coordinate patient care, the need to protect electronichealth information is becoming increasingly important. The challenge is keeping staff educated and up­to­date with ongoing changes.

Quick Preview

All of our safety training videos are available at no cost to all LHA Trust Fund members. These videos can beaccessed on demand by any of your employees. To gain access for your employees, contact Angela Castonat 225.368.3802 or via email here.

YOUR SERVICE TEAM

Glenn EiserlohSenior Risk Consultant

225.368.3821

Steve JohnsonSenior Risk Consultant

318.227.7204

Mike Walsh, AIC, CPCULiability Claims Manager

225.368.3815