The total number of records exposed in the healthcare sector rose to 11.5 million in 2018, according to the fifth annual Healthcare Breach Report, published by Bitglass.
The number of breaches reached a three-year low at 290 breaches total; however, the number of exposed records nearly doubled from 2017. Also notable in the report was that nearly half (46%) of the 11.5 million individuals who were affected by healthcare breaches in 2018 were so because of hacking and IT incidents.
An analysis of data acquired from a US Department of Health and Human Services (HHS) database that holds information on breaches involving protected health information (PHI) revealed that breaches in the healthcare industry fell into one of four categories.
In addition to those breaches related to malicious hackers and improper IT security, 36% of healthcare data breaches were categorized as caused by unauthorized access or disclosure of protected health information. A smaller number were the result of theft of endpoint devices. According to the report, the number of breaches caused by lost and stolen devices has fallen by nearly 70% since 2014. The final category encompassed those miscellaneous breaches and leaks related to items such as improper disposal of data.
On average, nearly 40,000 people were affected per breach, which is more than double the average number affected in 2017. Given that nearly half of breaches occurred because of hacking or IT issues, the report suggested that bad actors are targeting healthcare IT systems more frequently because they know there are massive amounts of sensitive data stored on those systems.
“Healthcare firms have made progress in bolstering their security and reducing the number of breaches over the last few years,” said Rich Campagna, CMO of Bitglass, in a press release. “However, the growth in hacking and IT incidents does deserve special attention. As such, healthcare organizations must employ the appropriate technologies and cybersecurity best practices if they want to secure the patient data within their IT systems.”
This article was originally published by infosecurity-magazine.com