Health IT, Hospitals

Report: First half of 2021 sees massive spike in number of data breach victims

Provider organizations accounted for 73% of all data breaches reported to the HHS in the first six months of 2021, impacting about 22.7 million individuals overall, a new report shows. This represents a 185% jump in individuals affected compared to the same period last year.

More than 22 million people have been affected by healthcare data breaches in 2021 so far — a jump of about 185% from the same period last year, according to a new report.

Released by Fortified Health Security, a healthcare cybersecurity service provider, the report includes data from the Department of Health and Human Services’ Office for Civil Rights.

The number of breaches reported to OCR in the first six months of 2021 increased by 27% over the same period last year — from 270 to 343. That figure has grown exponentially since 2015 when 142 data breaches occurred in the first six months of the year. This means breaches have spiked 141% between mid-year 2015 and 2021.

Healthcare providers continued to account for the most breaches (73% of the total), with health plans accounting for 16% and business associates 11%.

This is similar to findings in a report released by Fortified Health Security in January, which shows that provider organizations accounted for 79% of all breaches reported to the HHS in the first 10 months of 2020.

The total number of individuals affected by healthcare data breaches from January to June of this year skyrocketed to 22.7 million from 7.9 million in the same period last year, the report shows.

It is interesting to note that a small number of breaches accounted for more than 50% of all people affected. Five breaches, including ones involving an anesthesia practice and a grocery store chain that has pharmacies/clinics affected about 11.13 million people across the country.

Malicious attacks were once again the No. 1 cause of breaches, accounting for 73% of the total, according to the report. Unauthorized access/disclosure accounted for another 22%, while thefts, losses and improper disposals accounted for only 5%.

Overall, cybercrime is expected to result in global damages to the tune of $6 trillion this year. This figure is estimated to climb to $10.5 trillion by 2025.

“Now as the healthcare industry gets some breathing room from the pandemic, another one is surging — cyber attacks,” said Dan L. Dodson, CEO of Fortified Health Security, in a news release. “The attacks on our nation’s critical infrastructures, which includes our hospital systems, have resulted in government agencies showing a renewed focus on cybersecurity. This has helped move cybersecurity to the forefront of many boardroom discussions.”

Last October, three government agencies issued an advisory warning of an “imminent and increased cybercrime threat to U.S. hospitals and healthcare providers.”

President Joe Biden has also taken note of the issue, signing an executive order that aims to strengthen cybersecurity regulations.

The urgent need for an enhanced cybersecurity infrastructure in the country is underscored by several major healthcare breaches, including a recent ransomware attack on San Diego-based Scripps Health that exposed the data of around 147,000 patients.

Photo: WhataWin, Getty Images