PHI breaches up 25 percent in 2014

Breaches of protected health information increased more than 25 percent from 2013 to 2014, according to a new analysis published this week by IT security assessment company Redspin.

Close to 8.9 million patient health records were breached, up from just over 7 million the prior year. The largest breach, according to the report, was the hack attack on Franklin, Tennessee-based Community Health Systems, in which records for 4.5 million patients were compromised. CHS operates 206 hospitals in 29 states.

More than 53 percent of reported breaches were the result of hack attacks, according to Redspin.

"It was only a matter of time before hackers targeted hospitals," Redspin President and CEO Daniel Berger said in a statement. "Health records are very valuable on the black market."

The report called the majority healthcare providers "ill-equipped" to handle sophisticated cybersecurity threats, noting that the transition from paper to electronic health records was "layered on top of inadequate IT security infrastructures, teams and budgets." It also pointed out that healthcare IT security budgets are about 20 percent of what "comparable industries spend."

The three largest breaches--the CHS hack, and incidents involving Xerox State Healthcare and Sutherland Healthcare Solutions--accounted for 77 percent of the total records breached for 2014, according to the report.

A report published earlier this week by the Ponemon Institute determined that medical identity theft incidents rose more than 20 percent in fiscal year 2014 compared to the year prior. Of 49,000 U.S. adults surveyed for the report, 68 percent indicated that they are not confident in their healthcare providers' security measures.

Healthcare attorney David Harlow, who talked to FierceHealthIT for a recently published special report on cybersecurity, called for a combination of multifactorial authentication, layered protection and data minimization to help with breach prevention. He reiterated, however, that privacy protection is not guaranteed.

To learn more:
- download the report
- check out this announcement