Healthcare organizations reported 328 data breaches in 2016, a substantial increase from 268 the previous year and a new all-time high for the industry. According to Bitglass’ 2017 Healthcare Breach Report, the breaches exposed the records of roughly 16.6 million Americans as a result of hacks, lost or stolen devices, unauthorized disclosure, and more. Despite the alarming numbers, Bitglass also found that the overall number of compromised records dropped for the second year in a row, with early indications suggesting those numbers will continue to decline in 2017. The report analyzed data from the U.S. Department of Health and Human Services’ database, which lists breach disclosures mandated by the Health Insurance Portability and Accountability Act (HIPAA). Nat Kausik, CEO of Bitglass, notes that although breaches and information leaks are unavoidable in every industry, healthcare remains one of the biggest targets.
“While threats to sensitive healthcare data will persist, increased investments in data-centric security and stronger compliance and disclosure mandates are driving down the impact of each breach event,” said Kausik.
Other key findings from the report include:
- Unauthorized disclosures are now the leading cause of breaches, accounting for nearly 40 percent of breaches in 2016.
- The volume of records leaked because of hacking is greater than all other breach events combined.
- 80 percent of leaked records in 2016 were the result of hacking.
“Unlike credit card breaches, where limited liability laws offer some protection, victims have little recourse when subject to identity theft via protected health information (PHI) leaks,” said Bitglass in a press release. However, identity theft is not the sole use for this highly sensitive data, warned Bitglass. “Criminals can access medical care in the victim’s name or even conduct corporate extortion using PHI,” the company said. A 2016 report by the Ponemon Institute estimates the cost per leaked record for healthcare firms at upwards of $402.