Cybersecurity News

35% More Patients Impacted by Healthcare Data Breaches in H2 2022

A critical Insight report on healthcare data breaches found that the number of health records exposed increased from 21.1 million in 2019 to 28.5 million in 2021.

By Sarai Rodriguez

- Healthcare data breaches had the greatest impact in the second quarter of 2022 compared to previous years, with a 35 percent increase in the number of patient records affected, Critical Insight noted in its H2 2022 Healthcare Data Breach Report.

Based on an analysis of breach data reported by healthcare organizations to the HHS, the report found that in the second half of 2022, victims of healthcare data breaches had 28.5 million records exposed, which was an increase from 21.1 million in 2019.

While the number of individuals affected by data breaches increased, the total number of breaches in 2022 decreased, leading to a higher ratio of individuals affected per breach.

During the second half of 2022, 91,028 patients were affected per breach, compared to only 61,246 in the first half of 2022.

As has been reported by other health IT vendors, the majority of data breaches were attributed to hacking. The findings of Critical Insight’s report are in alignment, showing that nearly 78 percent of healthcare data breaches stemmed from hacking.

The second-most cited cause of data breaches was authorized access, causing 16 percent of reported healthcare data breaches. Following behind was theft at 3.5 percent, loss at 2 percent, and improper disposal at less than 1 percent.

What’s more, hacking incidents have increased from 61 percent in 2019 to 79 percent in 2022 and the percentage of unauthorized access has declined from 27 percent in 2019 to 15 percent in 2022.

Although hacking caused more breaches, unauthorized access exposes more records per breach, the report showed.

On average, the number of individuals affected per unauthorized access/disclosure breach increased from 5,700 patients in the first half of 2022, to over 143,000 in the second half.

In comparison, the number of individuals affected per hacking accidents grew from 73,900 in the first half of 2022, to over 87,000 in the second half.

This spike in the average of patients impacted per unauthorized access/disclosure primarily stemmed from three large breaches, which impacted 5.9 individuals in total. Additionally, the report called attention to the rising rate of EMR hacking.

“Now is a good time for healthcare companies to make sure they are focusing on preparation, detection and incident response. Companies seeking to improve their cybersecurity posture can do so by building capability internally, or by working with a partner who can provide expert cybersecurity staff and services,” the report stated.

“In addition to protecting themselves, healthcare companies must ensure that all third-party vendors, business associates and suppliers in their networks are following sound security procedures.”