US Health Data Breaches Rise with 40 Million Affected in 2019 Alone
20 Jan, 2020
The United States has experienced a steady increase in the number of data breaches within the healthcare sector. Data gathered by PreciseSecurity.com shows that 40 million Americans were affected by health data breaches in 2019 alone.
This was the highest number recorded since 2015, when more than 113.27 million records were exposed to unauthorized individuals, writes Justinas Baltrusaitis on precisesecurity.com. This was an increase of about 84% from 2014’s 17.4 million exposed health records.
After the high of 2015, there were improvements, with breached records dropping, only to spike in 2019. Over those four years, 2017 recorded the fewest breaches at 5.1 million, while 2019 breaches rose by 65% from 2018’s 14 million.
The data shows that 2012 was the best year, with the lowest number of health breaches. Only 2.8 million records were exposed, a drop of about 78% from 2011, which saw 13.1 records being breached.
Cumulatively, health data breaches over the last decade now stand at over 189 million records, which equates to more than 59% of the population of the United States. At the same time, about 41% of Americans have had their protected health information exposed.
More Entities Targeted in Data Breaches
Health data breaches can be costly, considering that stolen credit card data, email addresses, social security numbers, employment information and medical history records can be used for purposes such as fraud and identity theft.
Across the years, the number of entities involved in healthcare data breaches has also been on the rise. 2019 saw 429 entities involved in data breaches, which is the highest in the period under review.
Interestingly, despite 2015 witnessing the highest number of breaches, only 268 entities were involved. This was a drop of 14% from 2014’s 314 entities. Since 2015, the number of entities involved has been rising significantly, calling into question the level of measures put in place to curb exposure of patient records.
Over the past decade, the lowest number of entities involved in data breaches was 18, recorded in 2009. Compared to 2019, this is an increase of 411 entities, representing a spike of 95%.
Generally, there have been notable changes that led to the varied number of records being breached. The next question would be, what causes these data breaches? From the data, most of the breaches have been caused by hacking.
Hacking Continues to Dominate Data Breaches
In 2019, over half of the 40 million healthcare data breaches, 59%, were caused by hacking. This was an increase of 16% from 2018’s 43%. The lowest share of hacking was recorded in 2014 at 12%. Since then, the rate of hacking has been rising significantly.
Notably, phishing has been the main weapon used in most hackings. Moving forward, there is a need for healthcare providers to set up and roll out simulated phishing programs.
Despite hackings being on the increase, most health facilities are now putting in place measures to curb the electronic loss of data. The low hacking figures recorded in previous years can be attributed to the fact that most facilities did not have a means of detecting malware in their systems. Some hackings were even recorded months after taking place.
To curb more breaches, entities need to improve their measures for protecting healthcare records with administrative, physical, and technical controls such as encryption.
Based on the high volume of data breaches, it is clear that the healthcare sector is among the sectors most vulnerable to data breaches. If this trend continues, 2020 might witness an increase of between 10% and 15% in the number of entities breached compared to 2019.