Information technology hijackings and incidents reported to the Department of Health and Human Services Office for Civil Rights among covered entities and business partners have increased by 843% between 2015 and last year, the US Government Accountability Office said in a report released on Monday.
The report said there were a total of 1,781 incidents during that period. According to the report, OCR’s deputy director of privacy protection for health information has said that covered entities and business partners reported emails as a common attack vector among the victims. A lack of multifactor authentication was a common factor among entities that experienced an intrusion, the director reported.
GAO also reported that the number of incidents involving unauthorized access and disclosure increased by 435% since 2015, to 926.
The report recommends that the HHS Office of Civil Rights, which handles the infringement reporting process, develop a “clear mechanism” for providing feedback on the infringement reporting process.