At first glance, one might think that data breach records for 2015 would be a cause for optimism among healthcare sector managers and lawyers in the US. According to the US Department of Health and Human Services' Office for Civil Rights, the total number of data violations in the sector, recorded at 255 for the 2015 calendar year, was in fact down from the 287 breaches recorded in 2014 and the 268 known breaches in the previous year. However, as the quantity of breaches edges down, their scale has grown alarmingly large. Of the 255 breaches recorded last year, the three largest alone accounted for approximately 80 per cent of all affected healthcare records. All three breaches were unprecedented in size, outstripping the largest breaches from 2014 and 2013 by at least five million affected records each.
High-risk sector
Data security is a growing risk area for in-house legal departments, with approximately one in three general counsel reporting some experience of a data breach at their present or former company. However, according to research from the Association of Corporate Counsel Foundation, lawyers in the healthcare sector are almost twice as likely to report experiencing a data breach as their colleagues in other sectors. The ACC Foundation report on cybersecurity, released in December last year, found that 56 per cent of surveyed in-house counsel for businesses in the healthcare/social assistance sector had experienced a breach, almost double the 31 per cent recorded for the entire cross-industry survey sample. Healthcare lawyers were also more likely to report that preparedness measures had been implemented by their employers, including cybersecurity insurance and third-party disclosure agreements with vendors.
New task force
In response to the growing risk, the US Congress passed legislation in December that requires healthcare businesses to report cybersecurity threats and breaches to the federal government, as well as thorough data protection and threat preparedness plans. The legislation has also established a one-year healthcare industry cybersecurity task force, comprised of cybersecurity experts and healthcare stakeholders, to analyse the cybersecurity risks facing the sector and recommend 'actionable cyber threat indicators and defensive measures' to the federal government.

Sources: JD Supra; Association of Corporate Counsel Foundation; Password Protected

