Data breaches in healthcare are becoming more common — and more expensive.
Last year, healthcare data breaches totaled 599, up 55.1% from 2019, according to a new report from cloud security company Bitglass. These breaches affected more than 26 million people.
Several major providers announced they suffered data breaches in 2020, with Pittsburgh-based UPMC and Omaha-based Nebraska Medicine being the latest to share their experience. Those breaches alone affected 255,000 individuals.
Further, the average cost of a breach in healthcare has increased 10.5% from 2019 to 2020, the new report shows. The cost per breached record also rose to $499 last year from $429 the year prior, a 16.3% jump.
For the report, Bitglass analyzed data from a Department of Health and Human Services database containing information about breaches of protected health information.
The report shows that hacking and IT incidents led to 67.3% of all healthcare breaches in 2020. This is more than three times that of the next highest category, unauthorized disclosure, which led to 21.5% of breaches. Loss or theft of devices accounted for only 8.7% of breaches, a far cry from 2014 when these were the leading causes of security breaches in healthcare. [Click to enlarge]
A Deep-dive Into Specialty Pharma
A specialty drug is a class of prescription medications used to treat complex, chronic or rare medical conditions. Although this classification was originally intended to define the treatment of rare, also termed “orphan” diseases, affecting fewer than 200,000 people in the US, more recently, specialty drugs have emerged as the cornerstone of treatment for chronic and complex diseases such as cancer, autoimmune conditions, diabetes, hepatitis C, and HIV/AIDS.
In 2020, hacking and IT incidents exposed healthcare information from 24.1 million breached records — which represents 91.2% of all breached records.
“These results demonstrate the heightened impact of cybersecurity breaches, the shifting strategies of malicious actors, as well as how healthcare organizations are grappling with cybersecurity in today’s dynamic, cloud-first world,” the report authors wrote.
The massive threat that hackers pose to the healthcare industry came into sharp focus toward the end of last year when three federal agencies released a joint notice warning of a credible cybercrime threat to U.S. providers.
Preventing cyber attacks is important, but so is quickly identifying and mitigating the effects of data breaches when they occur.
But the report found that months can lapse before a healthcare organization uncovers and recovers from a breach. To be exact, healthcare organizations take on average 96 days to discover a data breach and 236 days to recover from one.
The number of healthcare data breaches in 2020 also varied by state, the report shows. California experienced the highest number of breaches, reporting 49. But it was Michigan that had the highest count of individuals affected. This was mainly due to the breach that occurred at Livonia, Michigan-based Trinity Health, which impacted 3.3 million people. [Click to enlarge]
Overall, 37 out of 50 states suffered more breaches in 2020 than the year prior.
Photo: JuSun, Getty Images, Bitglass
