Year in Review: 2019 Healthcare Data Breaches

At the conclusion of 2019, the industry again saw a new record set for the number of health data security breaches. In total, 353 healthcare providers were breached with the most common method of breach being hacking/IT incidents. Ransomware is the most common form of hacking, and hackers view healthcare providers as the perfect business to attack because they will be paid to undo the damage that they caused. Attackers can not only encrypt vital healthl data and demand ransom to unlock them, but they can also steal those patient records to use in identity theft and fraud. Patient data is one of the most expensive forms of stolen ID record on the dark web. On average, patient records can sell for up to $1,000 each due to the amount of information found in the documents, including date of birth, credit card information, Social Security number, address, and email. In comparison, Social Security numbers can be purchased for as little as $1, and credit card information sells for up to $110.

In 2019, more healthcare records were breached than in all of 2016, 2017 and 2018 combined.

A recent survey has highlighted the cost of healthcare industry data breaches, the extent to which the healthcare industry is under attack, and how often those attacks succeed.

The survey was conducted by Black Book Market Research on 2,876 security professionals at 733 provider organizations between Q4, 2018 and Q3, 2019. Respondents were asked their views on cybersecurity to identify vulnerabilities and security gaps and determine why so many of these cyberattacks are succeeding.

96% of surveyed IT professionals believed that cybercriminals are outpacing medical enterprises, which is no surprise given that 93% of healthcare organizations reported having experienced a data breach since Q3, 2016. According to the report, 57% of organizations had experienced more than five data breaches during that time period. More than half of the data breaches reported by healthcare organizations were the result of hacks and other attacks by external threat actors.

As required by section 13402(e)(4) of the HITECH Act, the Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals. The infographic to the left illustrates the statistics from Q4 2019 of all healthcare-related data breaches. 2019 set another record for HIPAA enforcement.

Optimum Healthcare IT has in-depth experience helping healthcare organizations address their security and compliance needs. We offer a wide range of services, from strategy development to implementation of technology and processes to minimize risks. Our clients include large healthcare systems, community hospitals, and healthcare technology providers who need to ensure that their information technology platforms remain secure and meet regulatory requirements.