Healthcare averaged 1 data breach per day in 2016
Last year didn’t see healthcare breaches on the scale of the Anthem hack of 2015, but there were still 450 reported breaches in 2016 affecting more than 27 million patient records, as reported in the "Breach Barometer Report: Year in Review” by Protenus.
The report, utilizing information from DataBreaches.net, said the work of employees was responsible for 192 of those incidents. Some 99 of those were due to accidental errors while 91 were insider wrongdoing, like an employee stealing records.
Hacking and ransomware attacks were to blame in 120 incidents. The majority of the breaches, 356, affected healthcare providers, while another 45 targeted health plans.
There wasn’t a linear trend in the number of incidents or amount of protected health information affected. The worst months were June (10.9 million patient records breached) and August (9.1 million), with monthly totals going as low as 104,000 in January.
The numbers don’t paint of a rosy picture of cybersecurity at providers and health plans heading into 2017.
“We’d love to tell you that by the end of the year things were starting to improve, but unfortunately that wasn’t the case,” the report said. “Patient data can still be easily obtained and used maliciously, by insiders and external actors alike. Even as healthcare leaders became increasingly aware of the importance of health data protection, the number of breach incidents remained relatively steady each month of the year, highlighting the continued threat to patient data. If 2016 trends continue, 2017 can expect to see a continued average of at least one health data breach disclosed per day.”
John joined TriMed in 2016, focusing on healthcare policy and regulation. After graduating from Columbia College Chicago, he worked at FM News Chicago and Rivet News Radio, and worked on the state government and politics beat for the Illinois Radio Network. Outside of work, you may find him adding to his never-ending graphic novel collection.