por Valerie Dimond
, Contributing Reporter | September 08, 2020
Northwestern Memorial HealthCare has notified the U.S. Department of Health and Human Services about a data breach, which the provider says was initiated via one of its vendors, Blackbaud.
Blackbaud provides software to manage fundraising databases and said it notified the healthcare provider that in mid-July an unauthorized person hacked the company’s system between Feb. 7 and May 20.
Northwestern Memorial said the breach did not target the health system or involve access to its electronic medical record systems, although five people had their Social Security numbers, financial accounts and payment information exposed.
“The individual may have acquired a backup of the database which includes donor or patient information for whom donations were made, including names, age, gender, dates of birth, medical record number, dates of service, departments of service, treating physicians, and/or limited clinical information,” Christopher N. King, director, media relations & communications, Northwestern Medicine, told HCB News.
According to a recent Protenus Breach Barometer report, healthcare data breaches have tripled across the United States in 2019 over the previous year.
"The increase in total incidents is a result of the healthcare industry's unique challenges that are unlike other industries," Protenus CEO Nick Culbertson told HCB News in February
. More than 41 million patient records were breached in 2019. The report revealed a 48.6% jump in reported hacking incidents but also found a 20% decrease in insider-related incidents.
A new study
published in a special issue of the open access journal, Healthcare
, shows the average cost of a data breach is $6.45 million, up from $3.92 million in 2019. The average cost of a breached record is $150. But in the healthcare industry, the cost of each breached record was $429 in 2019. The average cost of each record increased by 1.35% in 2019 relative to 2018, and the cost of each breached record in the healthcare sector increased by 5.14% in 2019.
UnityPoint Health, an Iowa-based healthcare system, just settled a data breach lawsuit in July that entailed two separate phishing attacks in which dubious emails that appeared to have been sent from an executive within the organization tricked employees
into providing their sign-on information, thereby giving the attackers access to their accounts.