Breaches among health care entities, associates soar: GAO

Hijacking and information technology incidents reported to the Department of Health and Human Services’ Office for Civil Rights among covered entities and business associates have increased by 843% between 2015 and last year, says the U.S. Government Accountability Office in a report issued Monday.

The report said there were a total of 1,781 incidents during that period. According to the report, the OCR’s deputy director for health information privacy has said that covered entities and business associates reported email as a common attack vector among the breached. A lack of multifactor authentication was a common factor among entities that experienced a breach, the director reported. 

The GAO also reported that the number of incidents involving unauthorized access and disclosures increased 435% since 2015, to 926.

The report recommends that the HHS Office of Civil Rights, which manages the breach reporting process, develop a “clear mechanism” to provide feedback on the breach reporting process.