Recap on Q1 healthcare breaches

May 10, 2018 // Ellen Neveux

Last Updated: October 25, 2021

Earlier this year a study stated that healthcare data breaches were at a four-year low. It definitely doesn’t feel like a “low” given the number of breaches that have already occurred in 2018. It seems that the healthcare industry is constantly under attack from bad actors who are finding ways to access healthcare networks through third parties’ level of access.

Why are bad actors continuously targeting the healthcare industry, you ask? It’s because healthcare data (e.g. PHI) is the new prize for hackers—it gives hackers the most bang for their buck. If you think this isn’t true, take a look at the statistics: during the first three months of 2018, 1.13 million patient records were breached.

Roundup in numbers

This supposed four-year low doesn’t seem to be all that low when looking at a number as large as 1.13 million. Protenus reported that a total of 110 health data breaches were disclosed to the U.S. Department of Health and Human Services (HHS) during the first quarter of 2018. In other words, on average there was at least one disclosed health data breach per day. Of those, 20 are known to have come from incidents that involved Business Associates (BAs) or third-party vendors. Of the 20, information was available for 14 of the incidents, which affected 180,865 patient records. Four of the reported instances occurred because a Business Associate was involved in a hacking incident. In other words, BAs are taking advantage of the access granted to a third party to get into healthcare networks.

Along with BA involvement, hacking is another route that greatly affects the healthcare industry. Protenus reported that 55 percent of all breaches in the healthcare industry in the first quarter of 2018 were a result of hacking. Not so surprisingly, hacking has been a consistent threat to healthcare organizations, with a total of 30 incidents occurring over a three-month span. Of those 30 attacks, 11 of them happened because of malware or ransomware; 5 attacks mentioned phishing.


Keep in mind that these numbers are just the bare minimum of breaches that have happened. It is very likely that more attacks have occurred, but the information has not yet been put together. This is, partially, because it takes about 244 days to detect a health data breach. According to, then, this is evidence that reinforces the growing need for proactive monitoring of all accesses to patient data, which is quickly becoming a standard best practice for healthcare organizations across the country. In other words—the best secure remote access platform that is proactive and can protect you from every angle.

Noteworthy healthcare breaches

2018 has been quite the year for breaches, especially in the healthcare industry. With some breaches getting more time in the spotlight than others, it’s important to reflect on what has happened to the industry so far in 2018. Remember, we aren’t even halfway through 2018 and the first three months saw over 1 million patient records breached.

At the end of February, Protenus reported that over 800,000 patient records had been breached in the healthcare industry. March came and went, and now it has been reported that 1.13 million patient records have been breached. Earlier in the year, we wrote about the FastHealth and Capital Digestive Care breach, but another huge breach in the healthcare industry happened in Oklahoma. According to, Oklahoma State University Center for Health Sciences had to notify roughly 280,000 Medicaid patients after a hack. The hack stemmed from an unauthorized third party who gained access to folders that contained PHI.

Why can’t the healthcare industry catch a break when it comes to data breaches? Because PHI is worth more than something like a simple credit card number. We don’t expect to see bad actors changing gears and leaving the healthcare industry alone. So, be proactive while also protecting yourself and your clients as best you can.

Security and compliance

The healthcare industry can be tough to navigate. According to an upcoming SecureLink EDGE Research report, the average number of vendors is 79 in the healthcare industry. That’s a lot of different vendors to take care of, especially when thinking about the importance of being compliant with both HIPAA and the HITECH Act. So, what can you do to keep PHI safe while also being compliant?

Find the right secure remote access that was made specifically for healthcare industry needs. Not only will you be able to stay compliant with both HIPAA and the HITECH Act, but you will also find that the best secure remote access offers even more—like access management, authentication, granular access, and high-definition audit. The best part about all of this, besides further protecting yourself from third-party weaknesses, is that it is all found on one secure remote access platform—SecureLink.

The right secure remote access

Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise has pioneered a secure remote access platform. SecureLink for enterprise allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink is the gold standard remote access support platform because it is easy and efficient, ensures compliance, and reduces liability when supporting customers.
