Healthcare data breaches spike significantly in 7 years: 5 things to know

Julie Spitzer - Print  | 

Healthcare data breaches are on the rise, according to public data reported in a research letter and published in JAMA Network.

The authors, Thomas McCoy Jr., MD, an orthopedic surgeon, and Roy Perlis, MD, a professor of psychiatry, analyzed all breaches posted to HHS' Office for Civil Rights breach portal between Jan. 1, 2010, and Dec. 31, 2017 to determine trends over time.

Here are five study highlights:

1. The researchers identified 2,149 breaches comprising a total of 176.4 million records during the seven-year time frame.

2. Individual breaches ranged in size, from exposing as few as 500 records to as many as 78.8 million records. Organizations are only required to report breaches to OCR if at least 500 records are breached.

3. The number of breach reports increased each year, from 199 in 2010 to 344 in 2017, with the exception of 2015.

4. Healthcare providers reported 70 percent of breaches, but only 21 percent of compromised records. Thirteen percent of breaches involved health plans, which accounted for the largest share of breached records at 63 percent.

5. The most common breach sites shifted from laptop and paper or film records in 2010 to network server and email in 2017. This shift coincided with a transition from theft as the No. 1 breach type in 2010 to hacking and unauthorized access in 2017.  

"As the type of data breached shifted toward electronic records and away from paper records, the nature of the breach likewise shifted toward electronic means, such as hacking," the authors concluded. "Although networked digital health records have the potential to improve clinical care and facilitate learning health systems, they also have the potential for harm to vast numbers of patients at once if data security is not improved."

The download the complete research letter, click here.

More articles on cybersecurity:

Aspire Health hacked in phishing scheme, seeks to subpoena Google for more details
5 questions to help CISOs assess cybersecurity preparedness
The hospital digital revolution & what it means for cybersecurity: 4 Qs with University Hospital Newark, New Jersey's interim CISO

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

To receive the latest hospital and health system business and legal news and analysis from Becker's Hospital Review, sign-up for the free Becker's Hospital Review E-weekly by clicking here.