U.S. Health Data Breaches Mounting Along with Cost to Industry

The health records of 40 million Americans were impacted by data breaches last year, according to data gathered by PreciseSecurity.com.

That was the highest number since 2015 when more than 113.27 million records were exposed. During the last decade, exposure of health records steadily increased, according to the data.

Health care data breaches cost the industry $4 billion last year and 2020 is likely to be even more expensive, according to Black Book Market Research. Health care providers continued to be the most targeted organizations for industry cybersecurity breaches with nearly four out of five breaches, whereas successful attacks on health insurers and plans maintained with more sophisticated information security solutions showed little year-to-year change, it said.

Only 2012 showed the least data breaches with 2.8 million records illegally accessed, according to PreciseSecurity.com. Between 2015 and 2019, the least data breached was in 2017 at 5.1 million.

PreciseSecurity’s Justinas Baltrusaitis

Cumulatively, health data breaches over the last decade now stand at more than 189 million records, which equates to more than 59% of the population of the United States.

Justinas Baltrusaitis, editor of PreciseSecurity.com, tells us there are opportunities for MSSPs to help health entities in protecting patient data.

“For example, hacking has been the main weapon for accessing data, MSSPs and other cybersecurity providers can help organizations come up with IT risk assessment systems, encrypt patient data and create sub-networks for more sensitive patient data,” he said. “There are minimal efforts towards conducting a risk assessment of IT systems in most organizations. Additionally, organizations do not have sub-networks for sensitive patient information.”

As the number of breaches rises, the affected entities also have been on the rise. In 2019, about 429 entities were involved in data breaches, which was the highest over the last decade.

Although 2015 recorded the highest number of breaches, only 268 entities were involved, representing a decrease of 14% from 2014’s 314 entities.

With the rise in breaches, hacking was the main weapon employed to steal health data from different entities. In 2019, more than half of the 40 million breaches were stolen through hacking at 59%.

By analyzing the data, 2020 could bring an increase of between 10-15% in entities being hacked.

“Data breaches entail the stealing of personal information, and the affected patients can fall victim to identity theft and fraud,” Baltrusaitis said. “Furthermore, sensitive data breaches like medical history can lead to the emotional torture of the victims. In some cases, victims who wanted to keep certain information private live in fear that once it becomes public it will lead to prejudice.”