Bitglass blames hacking, IT incidents as main reasons for breaches
A new report from cloud security vendor Bitglass contends that hacking and IT incidents account for about half of all healthcare data breaches.
The company sets the total number of records exposed in 2018 at 11.5 million, doubling the number of records exposed in 2017.
Healthcare organizations experienced fewer breaches in 2018 than in 2017; however, the total number of records breached in 2018 was more than double the total from 2017. The steady rise of hacking suggests that healthcare IT systems are increasingly being targeted by actors who recognize that healthcare organizations hold massive amounts of sensitive data, according to the report.
“Healthcare firms have made progress in bolstering their security and reducing the number of breaches over the last few years,” notes Rich Campagna, chief medical officer at Bitglass. “However, the growth in hacking and IT incidents does deserve special attention. Organizations must employ appropriate technologies and cybersecurity best practices if they want to secure patient data in their systems.”
Hacking and IT incidents caused 46 percent of breaches in 2018, and unauthorized access and disclosures accounted for 36 percent of incidents. The average number of persons affected by a breach last year was 39,739, which was twice the average reported in 2017.
On the upside, breaches caused by lost or stolen devices have fallen by 70 percent since 2014. Lost or stolen devices once were the primary reason for data breaches, but these have significantly declined, according to the Bitglass report. However, these breaches have been replaced by hacking and information technology incidents, even in years where the overall number of breaches declined. This is because IT systems are attractive targets for criminals seeking vast amounts of information for resale or committing identity theft.
Provider and payer organizations also are confronting higher costs per breach as the years go by. The cost per record for a breach in 2016 was $369 and a year later it was $380. Now, the cost per record has hit $408, which is about double the cost of a breached record in the financial services sector.
Healthcare organizations also take a longer time to identify a breach, with a mean time from incident to discovery of 255 days—the second longest for any industry—and it takes 103 days to contain a healthcare breach, which is the longest of any industry.