Patient records breaches soared in 2019

Patient privacy was under attack last year, with more than 41 million patient records breached, according to a new report from Protenus.

In fact, healthcare breaches have been on the rise since 2016, and public reports of hacking incidents jumped 48.6% from 2018. With the increasing cybersecurity threats and rising record breaches, healthcare providers need to know how best to protect their data and patient information.

Protenus examined 572 health data breaches reported to HHS, the media or another source in 2019, with data in 481 incidents that impacted more than 41.4 million patients. The number of affected patients is likely to be underestimated as well because data was not available for all breaches. With the data examined, Protenus concluded the total number of affected patient records nearly tripled from 2018.

“This is an alarming trend which should change as more organizations deploy advanced patient privacy monitoring systems that can prevent future incidents,” the report reads, noting that even as protections have gotten better, more breaches are happening.

The biggest data breach of 2019 was a hacking incident of a business associate that resulted in nearly 21 million affected patient records. Nearly 12 million records were affected from just one client. Just two of the top 12 incidents were a result of insider error throughout the year.

As the risks continue to increase, healthcare compliance analytics may help providers and healthcare business associates. In addition, organizational education is essential to prevent insider breaches, which accounted for 19% of incidents in 2019. That’s an improvement from the 28% of insider breaches in 2018. These cases can be even more dangerous than hacking incidents.

“While there were substantially fewer patient records breached by insider-wrongdoing, they are often more dangerous since employees with legitimate access to patient information can abuse their access with malicious intent, often undetected,” the report reads.

Healthcare organizations face a slew of problems when a patient record breach happens, including losing the trust of patients and the cost of fixing the issue. Post-breach costs are estimated to be around $10 million per breach, according to the report, and insider threats that may be undetected for longer can cost even more.

Amy Baxter

Amy joined TriMed Media as a Senior Writer for HealthExec after covering home care for three years. When not writing about all things healthcare, she fulfills her lifelong dream of becoming a pirate by sailing in regattas and enjoying rum. Fun fact: she sailed 333 miles across Lake Michigan in the Chicago Yacht Club "Race to Mackinac."

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.