Each year, Bitglass analyzes data from the U.S. Department of Health and Human Services’ “Wall of Shame,” a database containing information about breaches of protected health information (PHI) that affected 500 or more individuals. In 2019’s report, the latest data is compared to that of previous years, revealing key trends and cybersecurity challenges facing the healthcare industry.
Breaches recorded in the HHS database are categorized into one of the following groups:
- Hacking or IT incidents: Breaches related to malicious hackers and improper IT security
- Unauthorized access or disclosure: All unauthorized access and sharing of protected health information
- Loss or theft: Breaches enabled by the loss or theft of endpoint devices
- Other: Miscellaneous breaches and leaks related to items such as improper disposal of data.
According to the study’s findings, the number of breaches in 2018 was lower than that of the previous year. Interestingly, however, the total number of records breached has more than doubled since 2017.
Additionally, of the 11.5 million individuals who were affected by healthcare breaches in 2018, 67 percent had their information exposed by hacking and IT incidents. The steady rise of this type of breach suggests that healthcare IT systems are increasingly being targeted by malicious actors who recognize that said systems house massive amounts of sensitive data.
- The number of reported healthcare breaches reached a three-year low of 290 in 2018
- At 46 percent, hacking and IT incidents were the biggest causes of breaches, with unauthorized access and disclosure coming in second place at 36 percent
- The average number of individuals affected per breach was 39,739 in 2018 – more than twice the average of 2017
- The number of breaches caused by lost and stolen devices has decreased by almost 70 percent since 2014.