An analysis of 2020 healthcare data breaches has been conducted by Bitglass that shows the extent to which the healthcare industry was targeted by hackers.
There was a sharp increase in hacking and IT incidents in 2019 and that trend continued in 2020 when 67% of all reported healthcare data breaches were the result of hacking/IT incidents. The healthcare records of 24.1 million individuals were exposed in those breaches – 91% of all records breached in 2020. There were also increases in the number of unauthorized access/disclosure incidents, loss and theft incidents, and other breach causes.
2020 was a particularly bad year for healthcare data breaches. 599 healthcare data breaches were reported by healthcare providers, health plans, healthcare clearinghouses, and business associates of HIPAA-covered entities, with the breach count up 55% on the previous year. While the number of breaches increased, the number of individuals affected by the breaches – 26,435,831 – declined slightly from 2019, falling by a little over 1 million.
California was the worst affected state with 49 incidents reported, although Michigan was the worst affected in terms of the number of records exposed, which was largely due to a 3.3 million-record data breach at Livonia, MI-based Trinity Health. 37 out of 50 states saw the number of data breaches increase from the previous year.
When data breaches occur, it takes healthcare organizations an average of 96 days to discover the breach and an average of 236 days to recover, according to a data breach analysis by the Ponemon Institute/IBM Security. The costs of mitigating healthcare data breaches also increased in 2020. The average cost of a data breach was 10.5% higher than 2019, with the average cost per breached record increasing 16.3% to $499 per breached record.
“These results demonstrate the heightened impact of cybersecurity breaches, the shifting strategies of malicious actors, as well as how healthcare organizations are grappling with cybersecurity in today’s dynamic, cloud-first world,” explained Bitglass in the report.