The online HIPAA Journal has published the statistics for reported breaches of protected health information (PHI) of 500 or more patients occurring during August, 2020, available here.  The total number of such breaches reported was 37, virtually identical to the number of breaches reported in July and a significant decrease from June.  Notably, however, the total number of patients whose PHI was accessed in these breaches rose dramatically, from 1.3 million in July to over 2.1 million.  This increase appears largely, if not entirely, attributable to the ransomware attack against Blackbaud, a business associate of many healthcare organizations in the United States. 

Hacking/IT incidents continue to account for most of the reported attacks and to cause the vast majority of PHI disclosures.  These attacks were evenly divided between attacks against network servers and phishing attacks occurring via email.   

Given the average cost per record of a medical data breach, these numbers are a vivid reminder to health care providers to constantly stay prepared for cyber threats.  Chilivis Grubman presented an informative webinar on preparing for and responding to ransomware attacks.

The attorneys at Chilivis Grubman represent clients of all sizes in connection with data breach and cybersecurity matters, including regulatory obligations and litigation arising therefrom.  If you need assistance with such a matter, please contact us today.