The number of month-on-month healthcare data breaches of 500 or more records reported in the United States was halved in January, according to new research by the HIPAA Journal.
While December 2020 saw 62 such incidents recorded, only 32 were recorded in January 2021. The 32 breaches occurred across 18 states. Florida, where six of the breaches took place, was the worst affected state.
The journal noted: "While this is well below the average number of data breaches reported each month over the past 12 months (38), it is still more than 1 data breach per day."
Despite the massive decline in the number of breaches recorded in January, the total number of health records compromised in the first month of 2021—4,467,098—exceeded December's total by more than 225,000. A major data breach at Florida Healthy Kids Corporation that impacted 3.5 million individuals was key in driving January's figure past the four million mark.
The breach—one of the largest ever suffered by the US healthcare industry—occurred when cyber-attackers hit an IT company contracted to Florida Healthy Kids Corporation. The health plan had hired vendor Jelly Bean Communications Design to host its website and an app connected to insurance coverage.
An investigation into the incident found that unauthorized individuals were able to access sensitive data by exploiting a vulnerability. A patch that fixed the flaw had been created seven years ago but had not been applied by the IT company.
Other notable data breaches reported in January include a ransomware attack on healthcare provider Hendrick Health that compromised 640,436 records and a phishing attack on Roper St Francis Healthcare in which 640,436 records were exposed.
Hacking and other IT incidents caused the majority of healthcare data breaches in January. No theft or improper disposal incidents were recorded in January; however, one incident that exposed 2,340 records involved the accidental loss of an unencrypted laptop on which the records were stored.
"January saw 20 hacking/IT incidents reported, which accounted for 62.5% of the month’s data breaches. The protected health information of 4,413,762 individuals was compromised or exposed in those breaches—98.8% of all breached records in January," stated the HIPAA Journal.