sb-au logo
Story image

New report reveals 'wall of shame' in health care data breaches

More than 27 million individuals were affected by breaches of protected health information, according to Bitglass. 

The next-gen cloud security firm has released its sixth annual Healthcare Breach Report. Each year, Bitglass analyses data from the U.S. Department of Health and Human Services Wall of Shame, a database containing information about breaches of protected health information (PHI).

Bitglass' latest report analyses the breaches of 2019, compares them to those of previous years, and reveals key trends and cybersecurity challenges facing the healthcare industry.

Breaches recorded in the database are classified into the following categories:

  • Hacking or IT Incidents: Breaches related to malicious hackers and improper IT security
  • Unauthorised Access or Disclosure: All unauthorised access and sharing of organisational data
  • Loss or Theft: Breaches enabled by the loss or theft of endpoint devices
  • Other: Miscellaneous breaches and leaks related to items such as improper disposal of data

According to the findings, the total number of records breached more than doubled from 2018 to 2019. This same doubling also occurred between 2017 and 2018, revealing a dramatic upward trend over the last few years. 
Corresponding with this, the average number of individuals affected per breach reached 71,311 in 2019, nearly twice that of 2018 (39,739). Additionally, this was the first time since 2016 that the number of breaches reached over 300--the 386 incidents in 2019 represented a 33% increase over 2018.

"Last year, Hacking and IT Incidents was the top cause of breaches in healthcare, accounting for more than 60% of all data leakage," says Anurag Kahol, CTO of Bitglass. 

"This is not particularly surprising given the fact that threat actors are  maturing their capabilities and adapting to security measures organisations put in place, like multi-factor authentication," he says.

"Healthcare databases are heavily targeted by cybercriminals as they hold a wealth of sensitive information like medical histories, Social Security numbers, personal financial data, and more. 

"This means that healthcare firms must employ the appropriate technologies and cybersecurity best practices to ensure all data within their IT systems is secure around the clocks."

Key Findings:

  • The cost per breached record in healthcare was $429 in 2019. Last year, with 27.5 million records exposed, data breaches cost healthcare organisations $11.8 billion.
  • Around 24 million people were affected by healthcare breaches due to Hacking and IT Incidents. This category was followed by Unauthorised Access or Disclosure, which affected 2.5 million people.
  • Texas had the most healthcare breaches in 2019 with 47 incidents, nearly twice the number of California, which came in second place at 25.
  • Lost or Stolen Devices has consistently had the biggest annual decrease over the past few years, dropping from 148 in 2014 to 42 in 2019.
  • The total number of records breached has more than doubled each year; from 4.7M in 2017 to 11.5M in 2018, and to 27.5M in 2019.
  • About Bitglass
  • Bitglass, the Next-Gen Cloud Security company, is based in Silicon Valley with offices worldwide. The company's cloud security solutions deliver zero-day, agentless, data and threat protection for any app, any device, anywhere. Bitglass is backed by Tier 1 investors and was founded in 2013 by a team of industry veterans with a proven track record of innovation and execution.
     
Story image
Ping named identity solution Leader by ISG
Recognised for Identity & Access Management in the 2020 Provider Lens Cyber Security – Solutions & Services Quadrant Report Australia.More
Story image
Why it’s essential to re-write IT security for the cloud era
Key components of network security architecture for the cloud era should be built from the ground up, as opposed to being bolted on to legacy solutions built for organisations functioning only on-premises or from only managed devices.More
Story image
Kaspersky finds red tape biggest barrier against cybersecurity initiatives
The most common obstacles that inhibit or delay the implementation of industrial cybersecurity projects include the inability to stop production (34%), and bureaucratic steps, such as a lengthy approval process (31%) and having too many decision-makers (23%). More
Story image
Why securing IoT installations will be ‘do or die’ in post-pandemic Australia
Unless IoT technology is visible on the network, organisations will find themselves at risk with an unmanageable high-tech morass, warns ExtraHop A/NZ regional sales manager Glen Maloney.More
Story image
Report: 151% increase in DDoS attacks compared to 2019
It comes as the security risk profile for organisations around the world increased in large part thanks to the COVID-19 pandemic, forcing greater reliance on cloud technology and thrusting digital laggards into quick and unsecured migrations.More
Link image
How a metrics-driven mindset can enable DevOps at enterprise scale
Here's how to enable dev teams to deploy higher-quality software and create reporting standards that clearly communicate software performance.More