Healthcare Breaches: 40.7 Million Patients Affected
By Dr. Maheu
April 5, 2021
There were 758 breaches publicly posted to the Department of Health and Human Services (HHS) breach portal in 2020, affecting 40.7 million patients. However, the breaches listed on the HHS breach portal only reflect breaches affecting 500 or more patients, making it likely that the number of breaches was much higher.
Each year Protenus, along with databreaches.net, conducts a breach report to assess the state of healthcare cybersecurity. Their 2021 Breach Barometer examined healthcare breaches occurring in 2020 and compared the findings to 2019 breaches. Read more about previous healthcare breaches on TBHI blogs: Healthcare Data Breach compromised 295,617 patients, Major Healthcare Hack Targets Mental Health Provider and Healthcare Breach: Email Breach Affects Behavioral Health Organization. More details on healthcare breaches, hacking incidents, insider breaches of 2020 are discussed below.
Healthcare Breaches in 2020
There were 758 breaches publicly posted to the Department of Health and Human Services (HHS) breach portal in 2020, affecting 40.7 million patients. However, the breaches listed on the HHS breach portal only reflect breaches affecting 500 or more patients, making it likely that the number of breaches was much higher. Through their analysis of 2020 breaches, Protenus determined a 30% increase in healthcare breaches compared to 2019.
Hacking Incidents in 2020
The leading cause of 2020 healthcare breaches resulted from hacking incidents representing 62% of reported incidents, with a 42% increase in these types of incidents from the previous year. The 277 hacking incidents compromised the protected health information (PHI) of more than 31 million patients. Part of the reason hacking skyrocketed in the healthcare sector is due to hackers exploiting the COVID pandemic, in some cases posing as government agencies to gain access to sensitive information. The issue was a major cause for concern, with the FBI and HHS warning healthcare organizations against “an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”
Researchers stated, “By making investments to protect patients, health systems, in turn, protect themselves from severe reputational damage, financial penalties, or care disruptions stemming from hacking incidents. Under obligation to do no harm, healthcare organizations must adopt advanced tools capable of preventing hacks and their frightening consequences for patients.”
Insider Breaches in 2020
The second most common cause behind healthcare breaches in 2020 was insider breaches. Insider breaches occur when an employee of a healthcare organization accesses PHI without cause. Insider breaches represented 20% of reported incidents, with 111 incidents of insider breaches compromising the PHI of 8.5 million patients.
“A zero-tolerance stance on snooping is important, but it will never be enough to prevent innocent mistakes or nefarious hackers,” researchers wrote. “Only by using compliance analytics to calculate the risk score of any anomalous access can organizations surface and prioritize interactions with data that truly warrant attention…. Noncompliance is critically important to identify and prevent, especially when organizations are struggling financially. Compliance incidents are costly because of all that goes into reconciling them. On top of paying penalties, health systems must do damage control,” they added.
Need assistance with HIPAA compliance? Compliancy Group can help! They help you achieve HIPAA compliance, with Compliance Coaches® guiding you through the entire process. Find out more about the HIPAA Seal of Compliance® and Compliancy Group. Get HIPAA compliant today!