U.S. healthcare providers experienced almost triple the number of breaches to their records in 2019 as they did in 2018.
That’s the assertion of healthcare compliance analytics platform Protenus in its Protenus Breach Barometer report, which reported that 41 million patient records were breached in 2019. The increase in breaches was a 48.6% difference from 15 million in 2018, while the trend of at least one health data breach per day — a trend first reported in 2016 — remains.
"The increase in total incidents is a result of the healthcare industry's unique challenges that are unlike other industries," Protenus CEO Nick Culbertson told HCB News. "As health data is increasingly shared, there is more access to patient data which will ultimately lead to more health data breaches. The other reason we are seeing this increase can be attributed to better detection and reporting within the industry, especially with the increase in adoption of healthcare compliance analytics, a new approach to protecting patient data that leverages artificial intelligence."
A previous report by Protenus found that close to 32 million patient records were breached in the first half of 2019, double the number breached in the same period of 2018. The healthcare industry faced a reported 572 incidents in 2019, up from 450 in 2016. Of the 187 health data breaches examined, it took organizations an average of 80 days after discovering a breach to report it to HHS, the media, or other sources.
The report discusses some of the most impactful breaches of the past year. The largest was the hacking of a Business Associate (BA) of one of the largest patient collections recovery agencies in the nation. Patient information in 20,949,600 records was accessed by an unauthorized party, which posted dates of birth, social security numbers and physical addresses for sale on the dark web. The number is expected to increase as other clients of the breach are notified.
Another incident was an insider threat perpetrated by a nurse who was suspected of gaining access to patient information and providing it to a third party for fraudulent purposes. An estimated 16,542 patients were affected over almost two years before the threat was uncovered. The investigation into the incident is ongoing.
Attacks such as these not only risk the exploitation of patient information but can also put patients' health — and in some cases, their immediate lives — in danger. While many attacks are becoming more creative in their efforts to steal from providers and patients, many practices are heeding the advice of cybersecurity experts to prevent incidents from occurring.
"It's critical for all providers to ensure a multi-layered security approach to ensure their data is protected," said Culbertson. "In addition to ensuring the right firewalls and backup systems are in place and working, organizations need to have a way to monitor 100% of accesses to their patient data. AI-powered analytics are necessary to ensure inappropriate access to data is detected, mitigated, and ultimately prevented from occurring."
He adds that the top three suggestions he gives to healthcare organizations looking to better protect patient data are to "commit to employee training and education to ensure EHR users understand the policy and procedures around patient data access for their institutions and how to best protect it; ensure a multi-layered security approach to ensure the systems in place are functioning properly and routinely tested; and leverage the advances in healthcare compliance analytics — a lot of innovation has occurred when it comes to better understanding patient data workflows and determining appropriate versus inappropriate access."