Patient records breaches soared in 2019

Patient privacy was under attack last year, with more than 41 million patient records breached, according to a new report from Protenus.

In fact, healthcare breaches have been on the rise since 2016, and public reports of hacking incidents jumped 48.6% from 2018. With the increasing cybersecurity threats and rising record breaches, healthcare providers need to know how best to protect their data and patient information.

Protenus examined 572 health data breaches reported to HHS, the media or another source in 2019, with data in 481 incidents that impacted more than 41.4 million patients. The number of affected patients is likely to be underestimated as well because data was not available for all breaches. With the data examined, Protenus concluded the total number of affected patient records nearly tripled from 2018.

“This is an alarming trend which should change as more organizations deploy advanced patient privacy monitoring systems that can prevent future incidents,” the report reads, noting that even as protections have gotten better, more breaches are happening.

The biggest data breach of 2019 was a hacking incident of a business associate that resulted in nearly 21 million affected patient records. Nearly 12 million records were affected from just one client. Just two of the top 12 incidents were a result of insider error throughout the year.

As the risks continue to increase, healthcare compliance analytics may help providers and healthcare business associates. In addition, organizational education is essential to prevent insider breaches, which accounted for 19% of incidents in 2019. That’s an improvement from the 28% of insider breaches in 2018. These cases can be even more dangerous than hacking incidents.

“While there were substantially fewer patient records breached by insider-wrongdoing, they are often more dangerous since employees with legitimate access to patient information can abuse their access with malicious intent, often undetected,” the report reads.

Healthcare organizations face a slew of problems when a patient record breach happens, including losing the trust of patients and the cost of fixing the issue. Post-breach costs are estimated to be around $10 million per breach, according to the report, and insider threats that may be undetected for longer can cost even more.

Amy Baxter

Amy joined TriMed Media as a Senior Writer for HealthExec after covering home care for three years. When not writing about all things healthcare, she fulfills her lifelong dream of becoming a pirate by sailing in regattas and enjoying rum. Fun fact: she sailed 333 miles across Lake Michigan in the Chicago Yacht Club "Race to Mackinac."

Around the web

Compensation for heart specialists continues to climb. What does this say about cardiology as a whole? Could private equity's rising influence bring about change? We spoke to MedAxiom CEO Jerry Blackwell, MD, MBA, a veteran cardiologist himself, to learn more.

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”