Healthcare providers have become a lucrative target for cyber criminals and many reported breaches are occuring at health centers. Since 2009, when the Department of Health and Human Services started tracking breaches that involved protected health information exposure of 500 patients or more, upwards of 1700 cases have been reported. These breach incidences are highlighted on the U.S. Department of Health and Human Services, Office for Civil Rights Breach Portal.
It is important for Health Centers to be aware of breaches that are occuring, the ways in which health systems were attacked, and the types of information stolen so that they can properly address these issues within their security risk assessment documentation. The HHS Breach Portal documents aspects such as the health care provider involved, the number individuals affected, the type of breach and the location of breached information (e.g. email vs network server).
From the HHS website: "As required by section 13402(e)(4) of the HITECH Act, the Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals. These breaches are now posted in a new, more accessible format that allows users to search and sort the posted breaches. Additionally, this new format includes brief summaries of the breach cases that OCR has investigated and closed, as well as the names of private practice providers who have reported breaches of unsecured protected health information to the Secretary."
Use the link below to find out more about breaches that have recently occurred within health centers and other health care providers across the U.S.