Hacking and IT incidents causing bigger breaches in healthcare

The total number of breaches is at a three-year low, but the incidents are larger, affect more people – and are often caused by underprotected IT environments, according to a new Bitglass report.
By Deirdre Fulton
10:40 AM

While the number of healthcare breaches has decreased in recent years, the number of individuals affected by such breaches skyrocketed in 2018, according to a new report from cloud security firm Bitglass.

Its 2019 Healthcare Breach Report, based on data from the U.S. Department of Health and Human Services' Wall of Shame, shows a shifting threat landscape – with hacking and IT incidents now responsible for more breaches than any other cause.

WHY IT MATTERS
The Bitglass analysis finds that while the number of breaches hit a three-year low in 2018, at 290, the average number of individuals affected per breach was 39,739 in 2018 – more than twice the average of 2017.

Hacking and IT incidents reportedly led to nearly 46 percent of those breaches – ahead of other causes, such as unauthorized access and disclosure (36 percent) or lost and stolen devices (15.5 percent).

Furthermore, hacking and IT incidents impacted a disproportionate percentage of individuals relative to other breach causes, with 67 percent of the 11.5 million individuals who were affected by healthcare breaches in 2018 having their information exposed by such tactics.

The continued rise in breaches linked to technology-related incidents is further confirmation of what most in healthcare understand already: "that healthcare IT systems are increasingly being targeted by malicious actors who recognize that said systems house massive amounts of sensitive data," according to the Bitglass report.

Moreover, these breaches are getting more expensive. The study includes data from the Ponemon Institute that finds that the cost per record for a healthcare breach amounted to $408 in 2018 – a 7.4 percent increase from 2017 and a 10.6 percent increase from 2016.

THE LARGER TREND
This latest breach data – despite constant warnings from cybersecurity professionals about the risks posed by increasingly sophisticated ransomware, email fraud, and malware threats in 2019 – suggests that healthcare IT and security professionals still have far to go.

Employee awareness and education are as important as ever, of course, but the Bitglass report shows that breaches caused by lost or stolen devices have continuously decreased, from 148 incidents in 2014 to just 45 this past year.

But the consistently large number of breaches caused by IT failures points to the need for hospitals to do much better at protecting their data, with improvements to both technology and policy.

ON THE RECORD
"Healthcare firms have made progress in bolstering their security and reducing the number of breaches over the last few years," said Rich Campagna, CMO of Bitglass, in a statement. "However, the growth in hacking and IT incidents does deserve special attention. As such, healthcare organizations must employ the appropriate technologies and cybersecurity best practices if they want to secure the patient data within their IT systems."
 

Deirdre Fulton is a communications professional and freelancer based in Maine.

On Twitter: @deirdrefulton

Healthcare IT News is a HIMSS Media publication.