Yes, Healthcare's Data Breach Problem Really Is That Bad

^{Data breaches are on the rise in healthcare, a new study finds.}

Over an eight-year span, healthcare organizations reported 2,149 data breaches affecting 176.4 million records to the federal government, with almost every year bringing more privacy incidents, according to new research.

The findings, published today by the JAMA Network, further support the argument that healthcare is particularly vulnerable to hackers. The rise of electronic health records appears to have worsened the situation, placing patients at risk and healthcare providers, insurers and other stakeholders in ethical and legal hot water, according to the study authors, who are affiliated with the Center for Quantitative Health at Massachusetts General Hospital in Boston.

>> READ: What to Do Before and After a Data Breach

“Although networked digital health records have the potential to improve clinical care and facilitate learning [in] health systems, they also have the potential for harm to vast numbers of patients at once if data security is not improved,” authors Thomas H. McCoy Jr., M.D., and Roy H. Perlis, M.D., M.Sc., wrote.

To conduct their research, they examined all data breaches compiled by the U.S. Department of Health and Human Services Office for Civil Rights from 2010 through 2017. They found that, aside from 2015, the annual data breach tally increased each year, rising from 199 in 2010 to 344 in 2017.

Under the law, healthcare organizations that handle protected health information must report breaches of a certain size to the federal government. But that does not mean that every data breach gets reported or included in the count.

The size of each breach ran from 500 to 78.8 million patient records, with a median of 2,300 records and a mean of 84,456, according to the findings. Reports indicate that patient records can sell for $300 to $400 on the dark web, making them several hundreds of times more valuable than stolen credit card information, which typically sells for a dollar or two.

Healthcare providers were hit the hardest, reporting 1,503 data breaches compromising 37.1 million records during the period in question. The number of incidents made up 70 percent of all data breaches included in the tally.

But health plans, which reported 278 data breaches, reported 110.4 million exposed records, or 63 percent of the pie, according to the findings.

Although most healthcare data breaches focused on paper or film, the 410 breaches that emanated from network servers bared 139.9 million records, nearly 80 percent of the total.

Prior to the rise of electronic health records, laptops, paper and films were the most commonly breached items. That shifted to network servers by the end of the study period, accompanied by a spike in incidents of hacking or unauthorized access, according to the study.

“The ongoing transition to electronic health records may increase such breaches,” the authors noted.

Get the best insights in healthcare analytics directly to your inbox. Register for our daily newsletter.

Related

Can Outside Disruption Save Healthcare?

WannaCry, NotPetya and Cyberwarfare’s Threat to Healthcare

With 860K Affected Patients, July Among Worst Data Breach Months of Year