Updated · Jan 10, 2024
Raj Vardhman is a tech expert and the Chief Tech Strategist at TechJury.net, where he leads the rese...
If I was asked to describe myself using just a few words, I’d go with digital marketing expert, ex...
Zak has a PhD in Computational Chemistry and has worked in tech for 12 years, with a focus on analyt...
Healthcare facilities and databases are rich in useful information and valuable data. Because of this, cybercriminals target these facilities, causing data breaches.
Healthcare data breaches have been rampant over the past several years. Over the last decade, 2,550 of these have affected millions of records.
Even though none is on the scale of Marriott's breach of 505 million personal data records, the nature of the stolen information makes them considerably more severe than most.
Let’s look at the trending healthcare data breach statistics as of 2023.
Editor’s Choice
2020 saw 39 high-profile breaches in the healthcare sector, costing this sector $6 trillion in one month.
Data also suggests that hackers prefer to attack larger hospitals due to the significant amount of data they hold, while smaller hospitals attract less attention.
Here are more healthcare data breach statistics:
(CompliancyGroup)
That’s a 29.5% rise compared to 2020. All other industries had a combined median loss of $3.86 million in 2020 and $4.24 million in 2021.
Data breach damages in healthcare are 2 to 3 times higher than in other sectors.
(Get Astra)
Healthcare has the highest number of security breaches.
This is no surprise, as stealing data from medical records is among the easiest ways to commit identity theft. This menace in healthcare is 25 times higher than with credit cards.
Medical companies should have better personal identity security practices to protect their consumers’ data from identity thieves.
(HIPAA Journal)
Incidents fell by 8% in February 2022 compared to January 2022. Nonetheless, these 46 incidents affected a whopping 2.5 million people.
Additionally, the healthcare sector accounted for more than a quarter (27%) of data breaches.
(UpGuard)
Ransomware payments decreased by 34% compared to the fourth quarter of 2021.
The decrease is due to hackers targeting smaller organizations and demanding lower payments, as attacks on large enterprises bring more severe investigations.
(Get Astra)
The healthcare sector alone lost $25 billion in the last two years. The report believes healthcare will be one of the industries most affected by hackers.
Healthcare data breaches can be very hazardous, leading to data theft, reputational and financial losses, and, most importantly, patient safety risks.
Healthcare firms reported 145 data breaches in the first three months of 2023.
In 2022, 707 data breach incidents occurred, in which 51.9 million records were stolen. It is no surprise that the healthcare sector is such a common target.
Read on to find out the extent these cybercriminals have gone in the healthcare sector.
(Independent.Co.UK & HIPAA)
Hackers exposed around 4.1 million records in March 2021 and 2.2 million in February 2022 – a reduction of roughly 1.8 million.
Yahoo experienced a data breach affecting nearly 1 billion individuals due to a malicious outsider who gained access through identity theft.
These records include sensitive information such as;
Helpful Article: Information or data people share or collect can be called digital footprints. It is managed through active control, such as logins and cookies, or passively, such as through IP addresses.
(Bluefin)
PHI stands for protected health information, and the lack of security has resulted in monetary loss. Healthcare data breach statistics can put things in perspective, one that will allow us to manage the situation.
(Get Astra)
The third quarter of 2022 saw 1 in 42 healthcare organizations targeted by ransomware attacks. A reported breach in July 2022 affected nearly 2.6 million individuals.
(CNN)
The breach occurred on February 4, 2015, but was only discovered a few weeks later. Anthem later settled for $116 million while admitting no wrongdoing.
Looking at this settlement as “price per person affected,” it comes to $1.45 per affected record.
(Get Astra)
Anthem Inc. (now Elevance Health) was breached in 2015, causing the company to lose over 80 million personal data records. Due to this, the company was required to pay $115 million for damages to clients.
Within the next 3 years, there is a 25.7% chance of another Anthem-sized breach of more than 80 million records.
The news of the Anthem breach faded as quickly as it surfaced. Security breaches in healthcare do happen quite often nowadays.
Experts and companies should start addressing their security issues before another attack happens.
(Cleaver Fulton Rankin)
While this statistic isn’t specific to healthcare data breaches, it still puts things in perspective.
The figure for breaches related to medical institutions is likely to be similar.
(HIPAA Journal)
Data also shows that the average cost of a data breach is $4.24 million.
Marketing and Advertising are part of healthcare data breach costs due to the cost of repairing the hospital’s image and minimizing patient loss to competitors. Hospitals reported spending 64% more annually on advertising after a data breach over the following two years.
The best way to reduce the costs of a data breach is by proffering solutions and suggestions for detecting a data breach early.
Quick identification could also save millions of dollars as a hospital rebuilds its business and image following a breach.
(Security Intelligence)
In 2018, the percentage was only 45%. Many hospitals don’t know how to build their servers; instead, they use outdated systems and structures.
These systems are loopholes for hackers to find ways to infiltrate hospital systems.
Fun Fact: Did you know not all hackers are potentially harmful? White Hat hackers are ethical hackers who test system security.
(UpGuard)
This is up 162% over the past 3 years; unauthorized access is already a massive issue. Nevertheless, it is still growing at an astounding rate.
34% of healthcare data breaches come from unauthorized access or disclosure of PHI. In comparison, 18% of teaching hospitals reported enduring a data breach.
(Academic.OUP)
Negligent breaches occur due to internal mistakes. 66% of organizations consider insider or accidental breaches more likely than external attacks.
In contrast, external forces like hacking would fall into the “malicious” category. The study found that over 1,400 breaches were negligent, and about 700 were malicious.
Another serious threat is malicious intent. Disgruntled staff acting on emotion poses the most significant risk, causing 14% of data breaches. 88% of data breach threats come from negligent employees.
This could be via helping a hacking group compromise a system or doing it themselves.
(Get Astra)
Detecting a breach takes months and requires both human resources, such as the services of professional cybersecurity analysts, and financial resources to mitigate the damages.
A breach with a lifecycle of 200 days will cost the affected company $4.87 million. 39% of breaches take months or more to discover, during which hackers exploit them while victims remain unaware.
(Humanize Security)
Statistics for data breaches in healthcare reveal that 30% of all significant data breaches occur in hospitals.
On the other hand, 18% of teaching hospitals experienced a data breach. Thus the healthcare and finance industries remain the most popular targets at 15% and 10%, respectively.
(Get Astra)
This could be due to the age of many medical professionals. Older generations need help adapting to new tech.
As a result, they’re less aware of how cyber attacks work, how to spot the different types of malware, and how to neutralize them.
(Parachute.Cloud)
There were at least 849 million known healthcare cybersecurity incidents and 571 data breaches in 2022.
The FBI has found at least 16 cases of attempted break-ins into US Healthcare using CONTI ransomware in 2021.
The average financial loss due to data breaches in healthcare has skyrocketed, increasing from around $9 million to $10.10 million.
(Beckers Hospital Review)
For comparison, the US spends 16% of its federal budget on cybersecurity. The healthcare industry could put extra effort into solving these issues well.
Healthcare cybersecurity professionals allocate 6% or less of IT budgets to cybersecurity, compared to the 21% industry average.
Backend office technologies often use outdated, legacy systems, requiring upgrades and cybersecurity investments. These consume significant budgets for upgrading and cybersecurity tools.
(Get Astra)
Phishing is a common way for data thieves to pull off attacks. Statistics show that 14% of victims were attacked through business emails to company employees. Health information security breaches occur because hackers use this approach to find victims.
However, healthcare workers opening these emails doesn’t mean they all fell prey to these attempts. Still, it raises a red flag when such emails find their way through to the workers.
(Get Astra)
The change should start by educating doctors and future medical professionals on proper data security measures.
50% of medical practitioners in the risk category translate into an extremely high chance of breach that no cybersecurity specialist can prevent.
(Bluefin)
The cost per record for healthcare data is $408, 3x higher than the cross-industry average of $148 per record.
The average cost of a data breach for healthcare was $10.10 million in 2022, compared to the global average price of a data breach at $4.35 million.
Records from other sectors are often incomplete and are therefore not the target for identity theft; in comparison, healthcare data contain complete patient information.
(Tenable Network Security)
The only passing grade given, a C or above, was given to healthcare data centers.
Independent data and cybersecurity professionals often run data centers, leading to better scores.
(Info Security)
In a survey to understand why health information security breaches keep occurring, researchers found that talent shortage in the sector could be a huge contributor.
The findings show that these roles take an average of 70% longer to fill due to the functions they require hires to cover.
(HIPAA Journal)
Healthcare in America experienced a nearly 50% reduction in data breaches in January 2021, dropping from 62% in December 2020 to 32% in January 2021.
That translates to about one incident daily, a considerable improvement compared to 2020. In 2022, September had the highest number of data breaches at 95, translating to about three per day.
(Ekran System)
The repercussions from these can be costly. Overall, 21% resulted in legal liabilities, 40% in critical data loss, and 33% in operational disruption.
Here’s a healthcare data breaches list for 2021 due to insider attacks:
(PWC)
Data breaches have become commonplace, and cybercriminals continue to target healthcare companies. When they occur, businesses cannot function and suffer a negative reputation.
Additionally, they must hire cyber professionals to clean up the damage, pay ransoms, and provide victims' compensation.
Let’s review the healthcare companies attacked and data breached by cybercriminals, causing the biggest data breaches in the health industry.
Year: 2015
Impact: 78.8 million patient records stolen
Currently, Anthem is still the most significant healthcare data security breach.
A total of 78.8 million patient records were stolen. The data taken was sensitive and included records like social security numbers, dates of birth, and addresses.
Despite most victims being Anthem plan members, some were not. Anthem also managed its paperwork with several independent insurance companies to mitigate this.
Year: 2015
Impact: 11+ million people
Premera Blue Cross experienced a cyberattack in the middle of March 2015.
Data of 11 million customers was affected as attackers managed to access financial and medical information, dates of birth, and social security numbers.
The leading cause of the cyberattack is insurance fraud over personal data.
Year: 2015
Impact: 10 million people
Excellus discovered the cyberattack on August 5, 2015, but it could have begun as early as December 2013, meaning the discovery came 2 years after the attack started. Within those 2 years, hackers were able to access all patient records.
They exfiltrated names, Social Security numbers, addresses, financial information, medical claims information, credit card numbers, and birth dates.
Year: 2011
Impact: 4.9 million patients affected
Late 2011 saw a vast medical and personal data breach for families and military patients. The breach occurred when a data contractor transferred records from one facility to another, leaving data tapes within the vehicle.
When parked and unattended, the records were stolen. These include personal information, prescriptions, clinical notes, and lab test data. Luckily, they contained no financial information.
Year: 2015
Impact: 4.5 million patients affected
Someone hacked the UCLA Health System’s computer network, causing 4.5 million patient records to be exposed.
They exposed highly confidential information like health plan identification numbers, patient procedures, and diagnoses. They also leaked sensitive records like social security numbers, dates of birth, and names.
There is much talk about blockchain applications in healthcare and the security boost they could bring. The total spending on integrating blockchain into healthcare will rise to $5.61 billion by 2025. Still, so far, the healthcare data of most people is a highly lucrative sitting duck.
Fortunately, companies can find ways to safeguard information; at the same time, users can also protect their data from breaches.
People working in highly informative fields should opt for cybersecurity measures such as malware protection, applying VPN services to keep data private, password managers, and encrypting data and messages to avoid theft.
When an individual, either known to the organization or outside it, discloses sensitive patient data, either by accident or on purpose.
Last year in the US alone, there were just over four data breaches per day, according to healthcare data breach statistics.
They are hacking or IT incidents, unauthorized access, theft of equipment or paper records, loss of equipment or documents containing sensitive information, and improper data disposal.
No. Data breaches and cyber attacks on healthcare can disrupt care practices during post-data breach recovery.