Fortified Health Security recently gathered data showing that 40 million Americans were affected by health data breaches in 2019 — a 65% increase from 14 million in 2018.
The 2020 report, titled The State of Cybersecurity in Healthcare, compiled yearly data from 2009 through 2019 and found that last year's total was the highest recorded since 2015, when 113.27 million records were exposed, an increase of 84% from 17.4 million in 2014.
The data also shows 2012 had the fewest data breaches, with 2.8 million records exposed, a 78% drop from 13.1 million in 2011.
The number of entities involved in health data breaches has also significantly increased. In 2019, 429 entities were affected — the highest in the period under review and a 95% increase from 18 entities in 2009.
Provider organizations continue to be the most targeted, making up 78% of all breaches (a 2018 and 2019 comparison can be seen in this article’s chart).
Although 2015 recorded the highest number of health data breaches, only 268 entities were involved, representing a drop of 14% from 314 entities in 2014.
Data also shows approximately 59% of 2019’s breaches occurred through hacking. Among hacking methods, phishing has been the most commonly used. Also in 2019, 41% of breaches were carried out through email.
Over the last decade, more than 189 million records have been breached, equalling more than 59% of the U.S. population.
“Cybercriminals continue to place a high value on the healthcare industry and are using more advanced and scalable tools to cause disruption,” reads the report.
“The healthcare industry is vulnerable not only because of the sensitive and valuable information it stores, but also due to the ‘always on’ nature of its business and its need for constant data access.”
Here’s what the report predicts for healthcare cybersecurity in 2020:
- A 10-15% increase in the number of entities breached with providers being the most targeted
- Email will be the attack method of choice through sophisticated phishing campaigns
- Continued cybersecurity technology vendor investment and consolidation, particularly as it relates to IoT
The report also provides several recommendations for healthcare entities to secure their data:
- Develop and implement simulated phishing; be sure to consider culture and human resource requirements
- Understand third-party risk; establishing strong governance and a risk-based model is crucial
- Operationalize your technology; do not purchase technical point solutions without adequately planning for the ongoing management of these tools
This story premiered on our sister site, Campus Safety.