Healthcare data breaches nearly tripled in 2019

In 2019, more than 41 million patient records were breached, nearly tripling the number of breaches from 2018, according to a report from Protenus and DataBreaches.net.

Protenus, a healthcare analytics company, compiled the data based on disclosures made to HHS or through the media.

The 41.4 million patient records breached in 2019 nearly matches the total from the previous three years combined (47.9 million).

While the total number of patient record breaches is staggering, more than half of the records — 21 million — were exposed during a single breach at American Medical Collection Agency, a third-party collections firm. Analysts were tipped off to the breach when they discovered patient information such as dates of birth and Social Security numbers for sale on the dark web, according to the Protenus report.

For the fourth consecutive year, Protenus reported a decrease in insider-related breaches. Ransomware incidents are trending in the opposite direction, however. Protenus reported a 48.6% spike in hacking incidents.

The findings underscore the growing concerns regarding cybersecurity in healthcare. Nearly 37 million patient records were impacted as the result of hacking, Protenus noted.

Additionally, Protenus provided data on how healthcare organizations responded to data breaches. On average, healthcare organizations took 224 days to discover an incident. Although HIPAA requires breaches to be reported within 60 days, healthcare organizations took an average of 80 days to report the incidents, according to Protenus.

Source: Revenue Cycle Advisor