Data Breach Report: Reported Incidents Reached Three-Year Low in 2018

Feb. 25, 2019
The average number of individuals affected per breach doubled since 2017

The number of reported healthcare breaches reached a three-year low of 290 in 2018, according to the fifth annual breach report from California-based security company Bitglass.

Each year, according to company officials, Bitglass analyzes data from the U.S. Department of Health and Human Services’ “Wall of Shame,” a database containing information about breaches of protected health information (PHI) that affected 500 or more individuals. In 2019’s report, the latest data is compared to that of previous years, revealing key trends and cybersecurity challenges facing the healthcare industry.

Breaches recorded in the HHS database are categorized into one of the following groups: hacking or IT incidents; unauthorized access or disclosure; loss or theft; or other, miscellaneous breaches and leaks related to items such as improper disposal of data.

According to this year’s findings, the number of breaches in 2018 was lower than 2017. But what is also noteworthy, however, is that the total number of records breached has more than doubled since 2017. Additionally, of the 11.5 million individuals who were affected by healthcare breaches in 2018, 67 percent had their information exposed by hacking and IT incidents.

The steady rise of this type of breach suggests that healthcare IT systems are increasingly being targeted by malicious actors who recognize that said systems house massive amounts of sensitive data, Bitglass researchers noted.

The report’s core findings include:

  • The number of reported healthcare breaches reached a three-year low of 290 in 2018
  • At 46 percent, hacking and IT incidents were the biggest causes of breaches, with unauthorized access and disclosure coming in second place at 36 percent
  • The average number of individuals affected per breach was 39,739 in 2018—more than twice the average of 2017
  • The number of breaches caused by lost and stolen devices has decreased by almost 70 percent since 2014.
  • By far, California (25) and Texas (24) had the most healthcare breaches in 2018. This is consistent with state population (wherein California and Texas also rank first and second, respectively.

“Healthcare firms have made progress in bolstering their security and reducing the number of breaches over the last few years,” Rich Campagna, CMO of Bitglass, said in a statement. “However, the growth in hacking and IT incidents does deserve special attention. As such, healthcare organizations must employ the appropriate technologies and cybersecurity best practices if they want to secure the patient data within their IT systems.”

Sponsored Recommendations

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...

5 Strategies to Enhance Population Health with the ACG System

Explore five key ACG System features designed to amplify your population health program. Learn how to apply insights for targeted, effective care, improve overall health outcomes...

A 4-step plan for denial prevention

Denial prevention is a top priority in today’s revenue cycle. It’s also one area where most organizations fall behind. The good news? The technology and tactics to prevent denials...

Healthcare Industry Predictions 2024 and Beyond

The next five years are all about mastering generative AI — is the healthcare industry ready?