In 2020, there were 599 healthcare breaches that collectively affected over 26 million individuals. Bitglass’ report takes an in-depth look at the breaches that healthcare organizations faced, comparing them to previous years and revealing key trends and cybersecurity challenges facing the industry.
Breaches recorded in the DHHS database are classified into the following categories:
- Hacking and IT incidents: Breaches related to malicious hackers and improper IT security; cybersecurity events stemming from external parties.
- Unauthorized disclosure: Unauthorized sharing of PHI by internal parties or systems.
- Loss or theft: Breaches that involve the loss or theft of endpoint devices.
- Other: Miscellaneous breaches and leaks.
Hacking and IT incidents increasing each year
Since 2018, the number of hacking and IT incidents has increased each year, meaning that IT resources are increasingly used by organizations and targeted by malicious actors. Such incidents were, by far, the top cause of healthcare breaches in 2020, leading to 403 out of 599 breaches (67.3%)—more than three times that of the next highest category.
Hacking and IT incidents also led to larger breaches than other categories did, compromising 91.2% of all exposed healthcare records in 2020 (about 24.1 million out of 26.4 million).
“The vast majority of healthcare organizations process and store protected health information (PHI) such as Social Security numbers, medical history, and other personal data. It is no surprise that these entities would be targeted by malicious cyber criminals seeking to access sensitive data for monetary gain,” said Anurag Kahol, CTO of Bitglass.
“The exceedingly high number of hacking and IT incidents highlights the shifting strategies of malicious actors. As healthcare organizations continue to embrace cloud migration and digital transformation, they must leverage the proper tools and strategies to successfully protect patient records and respond to the growing volume of threats to their IT ecosystems.”
Healthcare breaches increased, costing $13.2 billion
- The average cost per breached record increased from $429 in 2019 to $499 in 2020. With 26.4 million records exposed in 2020, data breaches cost healthcare organizations $13.2 billion.
- Outside of hacking and IT incidents, the remaining breach categories exposed the personal details of about 2.3 million people, putting victims at risk of identity theft, phishing, and other forms of cyberattacks.
- This year, breach numbers were up across the board, with 37 out of 50 U.S. states suffering more breaches than they did in 2019. California had the most healthcare breaches in 2020 with 49 incidents – surpassing last year’s leader, Texas, which suffered 43 breaches in 2020.
- In 2020, the average healthcare firm took about 236 days to recover from a breach.