Healthcare data breaches hit an all-time high (328) in 2016, surpassing the previous record set in 2015 (268). And, records of approximately 16.6 million Americans were exposed as a result of hacks, lost or stolen devices, unauthorized disclosure and more.
These latest statistics on healthcare breaches comes from Bitglass, a Campbell, Calif.-based total data protection company. The third annual healthcare breach report aggregated data from the U.S. Department of Health and Human Services’ Wall of Shame—a database of breach disclosures required as part of the Health Insurance Portability and Accountability Act (HIPAA)—to identify the most common causes of data leakage.
The report does offer some good news, however—despite the fact that records of more than 16 million Americans were exposed last year, that overall number of compromised records has declined for the second year in a row and early indications suggest that those numbers will continue to decline in 2017. So far in 2017, 1.5 million American records have been breached, according to the research. And while the Anthem breach that affected 78 million Americans skewed the numbers in 2015, even excluding that outlier, less than half as many customer records were leaked in 2016 as in 2015.
The 2016 year-in-review Breach Barometer report from Protenus painted a similar stark picture for last year—2016 averaged at least one health data breach per day, affecting more than 27 million patient records, that report found. Another recent report from IBM Security found that in 2016, 12 million records were compromised in healthcare—keeping it out of the top five most-breached industries. That research revealed that hackers were indeed focusing on smaller targets, thus resulting in a lower number of leaked records.
Other key Bitglass report findings include:
● Unauthorized disclosures are now the leading cause of breaches, as they accounted for nearly 40 percent of breaches in 2016.
● Hacking and IT incidents continue to pose the greatest risk; the volume of records that leak because of hacking is greater than all other breach events combined.
● All five of the largest breaches were the result of hacking and IT incidents in 2016. To put that in perspective, 80 percent of leaked records in 2016 were the result of hacking. So far in 2017, the largest breach was the result of theft and the four next largest breaches were due to hacking.
According to data from the Ponemon Institute, the average breach costs U.S. companies is $221 per lost record, which is up from $217 per record in 2015. The cost per leaked record for healthcare firms topped $402 in 2016.
“Breaches and information leaks are unavoidable in every industry, but healthcare remains one of the biggest targets,” said Nat Kausik, CEO, Bitglass. “While threats to sensitive healthcare data will persist, increased investments in data-centric security and stronger compliance and disclosure mandates are driving down the impact of each breach event.”
