HHS “Wall of Shame” Data Breaches Affected 27M People in 2019

Feb. 19, 2020
Hacking/IT incidents accounted for the most number of breaches last year, followed by unauthorized access or disclosure

In 2019, data breaches that made the U.S. Department of Health and Human Services’ “Wall of Shame”—a database containing information about breaches of protected health information (PHI)— collectively affected over 27 million individuals, according to a new report.

The research, conducted by cloud security company Bitglass each year, analyzed the breaches of 2019, compared them to those of previous years, and revealed key trends and cybersecurity challenges facing the healthcare industry. HHS’ “Wall of Shame” includes those reported data breaches impacting more than 500 people.

Breaches recorded in the database are classified into the following categories:

• Hacking or IT incidents: breaches related to malicious hackers and improper IT security

• Unauthorized access or disclosure: All unauthorized access and sharing of organizational data

• Loss or theft: breaches enabled by the loss or theft of endpoint devices

• Other: miscellaneous breaches and leaks related to items such as improper disposal of data

According to the findings, the total number of records breached more than doubled from 2018 to 2019. This same doubling also occurred between 2017 and 2018, revealing a significant upward trend over the last few years.

Corresponding with this, the average number of individuals affected per breach reached 71,311 in 2019, nearly twice that of 2018 (39,739). Additionally, this was the first time since 2016 that the number of breaches reached over 300; the 386 incidents in 2019 represented a 33 percent increase over 2018.

A recent report from cybersecurity company Comparitech found that since 2016, nearly 7 million patients were affected by ransomware attacks alone.

Other key findings from the report include:

• The cost per breached record in healthcare was $429 in 2019. Last year, with 27.5 million records exposed, data breaches cost healthcare organizations $11.8 billion.

• Around 24 million people were affected by healthcare breaches due to hacking and IT Incidents. This category was followed by unauthorized access or disclosure, which affected 2.5 million people.

• Texas had the most healthcare breaches in 2019 with 47 incidents, nearly twice the number of California, which came in second place at 25.

• Lost or stolen devices has consistently had the biggest annual decrease over the past few years, dropping from 148 in 2014 to 42 in 2019.

• The total number of records breached has more than doubled each year; from 4.7 million in 2017 to 11.5 million in 2018, and to 27.5 million in 2019.

“Last year, ‘hacking and IT incidents’ was the top cause of breaches in healthcare, accounting for more than 60 percent of all data leakage,” Anurag Kahol, CTO of Bitglass, said in a statement. “This is not particularly surprising given the fact that threat actors are maturing their capabilities and adapting to security measures organizations put in place, like multi-factor authentication…”

Sponsored Recommendations

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...

5 Strategies to Enhance Population Health with the ACG System

Explore five key ACG System features designed to amplify your population health program. Learn how to apply insights for targeted, effective care, improve overall health outcomes...

A 4-step plan for denial prevention

Denial prevention is a top priority in today’s revenue cycle. It’s also one area where most organizations fall behind. The good news? The technology and tactics to prevent denials...

Healthcare Industry Predictions 2024 and Beyond

The next five years are all about mastering generative AI — is the healthcare industry ready?