In 2019, healthcare data breaches collectively affected over 27 million individuals, according to Bitglass.
Categories of breaches
- Hacking or IT incidents: Breaches related to malicious hackers and improper IT security
- Unauthorized access or disclosure: All unauthorized access and sharing of organizational data
- Loss or theft: Breaches enabled by the loss or theft of endpoint devices
- Other: Miscellaneous breaches and leaks related to items such as improper disposal of data
Number of records exposed in healthcare breaches doubles
According to the findings, the total number of records breached more than doubled from 2018 to 2019. This same doubling also occurred between 2017 and 2018, revealing a dramatic upward trend over the last few years.
Corresponding with this, the average number of individuals affected per breach reached 71,311 in 2019, nearly twice that of 2018 (39,739). Additionally, this was the first time since 2016 that the number of breaches reached over 300 – the 386 incidents in 2019 represented a 33% increase over 2018.
“This is not particularly surprising given the fact that threat actors are maturing their capabilities and adapting to security measures organizations put in place, like multi-factor authentication.
“Healthcare databases are heavily targeted by cybercriminals as they hold a wealth of sensitive information like medical histories, Social Security numbers, personal financial data, and more. This means that healthcare firms must employ the appropriate technologies and cybersecurity best practices to ensure all data within their IT systems is secure around the clocks.”
- The cost per breached record in healthcare was $429 in 2019. Last year, with 27.5 million records exposed, data breaches cost healthcare organizations $11.8 billion.
- Around 24 million people were affected by healthcare breaches due to Hacking and IT Incidents. This category was followed by Unauthorized Access or Disclosure, which affected 2.5 million people.
- Texas had the most healthcare breaches in 2019 with 47 incidents, nearly twice the number of California, which came in second place at 25.
- Lost or stolen devices has consistently had the biggest annual decrease over the past few years, dropping from 148 in 2014 to 42 in 2019.
- The total number of records breached has more than doubled each year; from 4.7M in 2017 to 11.5M in 2018, and to 27.5M in 2019.