1 in 3 Americans were victims of healthcare data breaches, attributed to a series of large-scale attacks that each affected more than 10 million individuals. These and other statistics are contained in Bitglass’ 2016 Healthcare Breach Report, which the company issued today.
The findings of the Bitglass 2016 Healthcare Breach Report come from analyzing data on the United States Department of Health and Human Services’ “Wall of Shame,” a database of breach disclosures required as part of the Health Insurance Portability and Accountability Act (HIPAA).
“The 80 percent increase in data breach hacks in 2015 makes it clear that hackers are targeting healthcare with large-scale attacks affecting one in three Americans,” said Nat Kausik, CEO, Bitglass. “As the IoT revolution compounds the problem with real-time patient data, healthcare organizations must embrace innovative data security technologies to meet security and compliance requirements.”
Among the most significant findings of the report was that in 2015, 98 percent of record leaks were due to large-scale breaches targeting the healthcare industry. These high-profile attacks were the largest source of healthcare data loss and indicate that cyber attackers are increasingly targeting medical data. Such breaches include the widely publicized Premera Blue Cross hack, involving 11 million customers, and the Anthem hack, which resulted in 78.8 million leaked customer records.
In addition, the Bitglass report findings include:
- In 2015, more than 111 million individuals’ data was lost due to hacking or IT incidents in the U.S. alone.
- There were 56 breaches due to hacking or IT incidents in 2015, up from 31 in 2014.
- Only 97 breaches were due to loss or theft last year, down from 140 in 2014.
- Only 5 percent of healthcare organizations use single sign-on for Google Apps or Office 365.
Why Healthcare Data?
Protected health information (PHI) — which includes sensitive information such as Social Security numbers, medical record data, and date of birth — has incredible value on the black market. A recent Ponemon Institute report on the cost of breaches found the average cost per lost or stolen record to be $154. That number skyrockets to $363 on average for healthcare organizations.
When credit card breaches occur, issuers can simply terminate all transactions and individuals benefit from laws that limit their liability. However, victims have little recourse when subjected to identity theft via PHI leaks, and many are not promptly informed that their data has been compromised. While criminals often leverage healthcare data for the purposes of identity theft, they can also leverage it to access medical care in the victim’s name or to conduct corporate extortion.
Under HIPAA, organizations dealing with PHI must implement several technical safeguards. Details on how Cloud Access Security Brokers can protect against breaches, and the key capabilities necessary to protect data in the cloud and achieve compliance, can be found in the full Bitglass 2016 Healthcare Breach Report.