Did you know that medical data is the new gold? Unencrypted patient records are worth $300 billion, and that number will keep growing. This blog will explore the recent medical data leaks and their potential consequences. You’ll also learn how to protect your sensitive information — so you can avoid being one of the many victims of medical data breaches.
A recent study by Comparitech covered breaches. Their team of researchers analyzed data from 2009 to June 2022 to find out which US states suffer the most medical breaches and how many records have been affected each year. They also looked at breaches from January 2021 to June 2022 to find the most significant cause of these breaches and the most-affected healthcare organizations.
Key Findings
- In 2017 alone, there were over 2,800 data breaches, affecting over 178 million patients in the US alone.
- More than half of data breach victims don’t even know they’ve been affected.
- Only 13% of healthcare providers offer free identity protection services.
- Over 50% of data breach victims do not change their passwords after a breach.
- 4,746 medical breaches were reported between 2009 and June 2022.
- These breaches affected 342,017,215 user records.
- 803 documented medical breaches made 2020 the year with the most (the second-highest was 2021 with 711).
- With almost 112 million records affected overall, 2015 saw the most records affected.
- Hospital networks are responsible for the most records that have been compromised in 2021 and 2022 (so far), accounting for 8.8 million records (16 percent of all records affected). Specialist clinics—clinics that specialize in a particular area of medicine—account for the most data breaches (15 percent), with 130 breached entities overall.
- Hacking was the most frequent breach in 2021 and 2022 (so far), making up 40% of breaches (353 out of 862).
Top 5 Medical Data Breaches
Anthem Inc. – The second-largest health insurance company in the US, was hit with a massive data breach in 2015 – one of the largest on record (78.8 Million records).
Optum360 LLC- From August 2018 to March 2019, hackers gained access to the sensitive financial and personal data of 11.5 million lab patients at the American Medical Collection Agency.
Excellus Health – This breach affected 10 million people and was discovered two months after the Anthem breach was announced.
Premera Blue Cross – This breach impacted 11 million people and was caused by malware that was used for two months. Premera Blue Cross was compelled to pay the OCR $6.85 million.
Laboratory Corporation of America Holdings- In 2019, A hacker gained access to the American Medical Collection Agency, a third party it employed for payments. Over 10.2 million people’s personal, financial, and medical information was compromised.
Biggest Years for Medical Data Breaches
The year with the most medical data breaches, with an overall total of 803, was 2020. A significant number of breaches were also reported in 2021 (711), closely followed by 2019 (520). This demonstrates the exponential growth in medical data breaches over the past three years.
The median number of records affected by each breach between 2009 and 2018 remained roughly 2,000 when we looked at the median number of records affected for each year. In 2019, there was a significant increase from 2018. (rising by 70 percent from 2,284 to 3,893). This persisted through 2020 (with a rise of 26% from 3,893 to 4,916) and from 2021 to 2022. (rising by 4 percent up to 5,122).
Why the increase in data breaches? There are many reasons, including the fact that the healthcare industry is growing, more people are using the Internet, and more sensitive data is being exchanged online. The healthcare industry is still struggling to adapt to the cyber threat landscape.
Most Common Data Breach Type
Data breaches are rising, and data loss is becoming more common. But what type of data breaches are most prevalent in the healthcare sector? Healthcare providers losing control of their data is a common occurrence nowadays.
With 288 out of 711 breaches (41 percent) in 2021 involving medical companies, hacking emerged as the most prevalent method. With 161 attacks (23% of all attacks, excluding unknowns), ransomware was the next most prevalent category. Theft of data is the third most prevalent type of data breach.
2022 for Medical Data Breaches
151 documented medical data breaches impacted 7,997,739 records during the first half of 2022. Even if these numbers seem low, they may increase over the next few months. Perhaps more focused attacks are the cause of this. This is evident from the MCG Health data leak. The software provider revealed that its systems were breached through unauthorized access on June 10 this year. Nearly 800,000 records have been affected by the breach on MCG Health, and at least eight organizations have reported it thus far.
Conclusion
The healthcare sector is under attack, and the threat is likely to grow as time goes on. The best way to protect sensitive information is to prepare in advance. Encrypt the data before sending it over the Internet or storing it on a device. This protective measure can be applied to nearly any data type, preventing unauthorized individuals from accessing the information.
Protected Harbor helps companies prevent cyber breaches, data loss, and regulatory non-compliance by offering security solutions such as data monitoring, cloud security, and DLP. Our clients include small businesses, enterprises, healthcare, and government agencies.
Protected Harbor is one of the top cybersecurity providers trusted by thousands of businesses across the country for offering robust cybersecurity solutions. With our expert team of engineers and technicians, you can be assured complete security for your business.
Get a free cybersecurity and ransomware audit today and get cyber-secured