Dive Brief:

  • Sometime around Dec. 29, thieves stole an unencrypted hard drive with seven years of patient data from Denton Health Group, part of HealthTexas Provider Network, Healthcare IT News reports.
  • The stolen hard drive contained backup electronic health records from 2009 to 2016, with scads of personal data, including names, Social Security numbers, birthdates, addresses, phone numbers, driver’s license numbers and medical record numbers.
  • Denton discovered the breach on Jan. 11 and notified patients on March 10.

Dive Insight:

2016 was a rough year for cybersecurity in healthcare, and privacy threats continue to challenge CIOs and CISOs this year.

The breach underscores the need for encryption. Just 65% of U.S. healthcare organizations encrypt data in the cloud, and only 59% use encryption to secure sensitive internet of things data, according to the 2017 Thales Data Threat Report, Healthcare Edition.

Last year saw an average of at least one health data breach every day, compromising 27, 314,647 patient records, according to cybersecurity startup Protenus. November alone had 58 data breaches, the largest number for any month. And 2017 is looking no different, with 31 health data breaches in January, affecting 388,307 patient records.

HHS’ Office for Civil Rights has turned up the heat on healthcare organizations to do more to prevent data breaches such as reassessing their electronic authentication methods. The office also directed its field offices to step up investigations of smaller breaches. Last month, OCR fined Children’s Medical Center of Dallas $3.1 million over multiple HIPAA violations.