Healthcare organizations are reporting breaches faster as feds tighten enforcement

network security
Healthcare organizations are responding to federal enforcement by reporting breaches within 60 days of discovery.

If the last two months are any sign, healthcare organizations appear to be putting more emphasis on adhering to the required 60-day window to report data breaches.

In April, it took organizations an average of 51 days to discover a breach occurred and 59 days to report it to the Department of Health and Human Services (HHS), according to the Protenus Breach Barometer report. Approximately two-thirds of organizations reported the breach within the 60-day time frame.

Healthcare organizations reported similar response times in March, when the average time to report a breach to HHS was 45 days.

RELATED: Insider threats dominated healthcare breaches in February

“Last month (March) HHS stepped up their enforcement by beginning to fine healthcare organizations not reporting health data breaches within the required 60-day window,” the report stated. “It begs one to ask if healthcare organizations are becoming more diligent in responding and reporting breaches to patient data as a result of this regulatory scrutiny.”

The number of breaches declined slightly in April to 34, down from 39 in March. Nearly half were a result of hacking and most of the attacks were against healthcare providers.

The report comes a week after the healthcare industry faced down a global ransomware attack that shut down parts of the National Health Service in the United Kingdom and left experts concerned that the next attack could have even more implications for patient care.

RELATED: After WannaCry, experts worry healthcare’s vulnerabilities will make the next ransomware attack even worse

Healthcare security experts have said that data breaches are “significantly underreported” even though cybersecurity has emerged as a top concern for hospital and health plan executives.