Errors by employees and business associates will drive the number of major healthcare data breaches to a record high in 2017, according to a new forecast.
Analysis of five years’ of data from the U.S. Department of Health & Human Services suggests the number of cases involving 500+ compromised health records is likely to exceed 300 incidents for the first time next year.
And the research by data loss prevention specialists Safetica North America identifies insider error as the key driver behind the rising trend of breaches.
The Department of HHS statistics reveals that “unauthorized access and disclosure” by insiders was the primary cause of healthcare data loss this year – accounting for 41% of breaches in 2016, up from 37% in 2015.
Hacking accounted for 31% of this year’s breaches – up from 21% the year before.
But the data suggests that physical security of devices like laptops and desktop computers and paper-based records is improving.
Theft as the primary cause of a data breach fell to its lowest level this year since 2013 – accounting for 56 breaches compared to 80 in 2015, and 126 in 2013.
Overall, Safetica’s research shows:
- The number of major cases has risen from 209 incidents in 2012, to 270 in 2015 and 297 this year.
- 15million confidential records were compromised in 2016 – five times as many as in 2012, and three times as many as 2014.
- But the 2016 figures show a sharp drop on the 113m records that were compromised in 2015 – although one breach alone (Anthem) accounted for nearly 70% of last year’s tally.
Luke Walling, General Manager of Safetica North America, said: “If we follow the year-on-year increase from 2015, we could see as many as 325 major breaches next year. We’ll be within sight of one major breach in healthcare for every day of the year.
“But the story in the statistics is that healthcare organizations face a real threat – and a growing threat – to their data from insiders accessing information and sharing it without authorization.
“The old proverb ‘Physician, health thyself’ seems appropriate here.
“There’s no doubt that the depth of valuable data in healthcare records will continue to make them a prime target for hackers looking to sell confidential information on the dark web.
“But by deploying better internal security technology and controls, and offering staff better training, healthcare organizations can take preventative measures against this growing problem.”