It's been established at this point that both the cost and the sheer number of healthcare data breaches have increased over the last several years but now, thanks to recent academic research, we have some numbers around the growth.
A study published in the Journal of the American Medical Association last week puts the number of records breached each year around 176 million, a figure that correlates to about 344 breaches a year. That’s a 70 percent increase from seven years ago.
Researchers at the Massachusetts General Hospital Center for Quantitative Health carried out the research, poring over 2,000+ data breaches reported to the Department of Health and Human Services from 2010 to 2017.
The number of breaches - 2,149 - affected 176.4 million records over that span.
According to the study, “Temporal Trends and Characteristics of Reportable Health Data Breaches, 2010-2017,” over the last seven years, 75 percent of the records the researchers looked were either breached, lost, or stolen. The Office for Civil Rights (OCR) traditionally categorizes records in this field as being breached by a "hacking or IT incident."
The report points out that while yes, doctor's offices and healthcare providers are usually hit by breaches, the most healthcare records are lost by large health plans; 110.4 million over the seven-year period. It's probably safe to say 2015's breach at Anthem, which saw 79 million records compromised after a subsidiary was phished in 2014, moved the needle significantly here.
Overall, the number of healthcare breaches seems poised to rise this year. An August report via Protenus, a healthcare data analytics company, said there were 142 healthcare breaches in the second quarter of 2018, a number that if extrapolated, suggests we could push 600 healthcare breaches this year.
Despite these jarring numbers, recent reports suggest looking ahead the number of actual breached records may decrease this year. There were reportedly only 1.13 million records exposed in Q1 this year and 3.14 million in Q2, suggesting numbers if stretched out across the year, would fall well short of 132 million records.
“Although networked digital health records have the potential to improve clinical care and facilitate learning [in] health systems, they also have the potential for harm to vast numbers of patients at once if data security is not improved,” the authors of the paper, Thomas H. McCoy Jr., M.D., and Roy H. Perlis, M.D., M.Sc., wrote.
For the healthcare industry the statistics reaffirm the importance of having a data protection program in place, not only to comply with HIPAA but to ensure that sensitive health data is classified, encrypted, and monitored.
