Over the course of 2019, over 38 million healthcare records have been exposed in data breaches in the US alone, according to research published today by the HIPAA Journal.

This means that this year alone, the healthcare data of 11.64% of the US population has been exposed, stolen or incorrectly disclosed.

The journal, which draws data of reported breaches from the US Department of Health & Human Services’ (HHS) Office for Civil Rights, also found that October was the worst month so far for data breaches, with a 44.44% month-over-month increase in healthcare data breaches.

The news has been met with concern by the cybersecurity community, particularly given the sensitive nature of healthcare data.

“Healthcare information is some of the most sensitive of personal information,” said Javvad Malik, security awareness advocate at KnowBe4.

“While it is important to have healthcare information readily available to medical professionals, care needs to be taken that the information is not made available to criminals trying to gain access.”

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Combatting healthcare data breaches

While breaches of healthcare data is undoubtedly serious, arguably the bigger problem is the culture surrounding the handling of healthcare data, as while the tools to protect against breaches do exists, the sector does not appear to be applying them effectively.

“It’s not that there is a lack of data protection tools and procedures. Encryption, multi-factor authentication, data access models and such all exist,” explained Malik.

“What we have is more of a lack of willingness, or awareness to implement strong data protection controls, in some cases for good reason. But broadly speaking this is a cultural issue, where medical institutes, by and large, do not consider security requirements, and do not drill in security through every role.”

For some, the solution lies in going beyond basic legal requirements, and using robust systems that make it as difficult as possible for a breach to occur.

“To ensure patients’ care and safety, healthcare organisations must ensure that their environment is duly protected against unauthorised changes and misconfigurations, which can make their environment susceptible to a cyberattack,” explained Dean Ferrando, systems engineer manager – EMEA, at Tripwire.

“Given the increased cyberattacks against healthcare organisations, it is simply no longer sufficient to merely be compliant with security frameworks.

“When retaining this kind of data, it is critical to choose an encryption solution that not only protects the database instances, but also provides protection for data in transit and at rest.”

However, for Malik, healthcare must build security best-practices that are comparable to those found in physical healthcare environments:

“Until we see cybersecurity being embedded into the culture of healthcare organisations in the same way that we try to combat the spread of germs with constant reminders and availability of anti-bacterial hand wash, we will continue to see breaches occur.”


Read more: Two years on from WannaCry, healthcare sector is “fastest industry” in fixing security flaws