If 2016 was a banner year for healthcare data breaches, 2017 is on pace to be just as bad, if not worse.
Statistics compiled by several outlets paint a bleak picture of data security across the industry. A midyear report (PDF) published by Protenus counted 233 breach incidents reported to the Department of Health and Human Services, on pace to exceed last year’s total of 450. The number of patient records affected in 2017 has surpassed 3.1 million.
The statics released on Wednesday build on a report last month released by the Identity Theft Resource Center that indicated healthcare was one of the hardest hit industries in the country during the first six months of the year.
Hacking and ransomware attacks have grabbed headlines in recent months, and for good reason. Data compiled by Protenus indicates hacking incidents are up 20%. Cybersecurity insurer, Beazley Group, noted that it saw a 133% increase in ransomware attacks among its healthcare clients compared to the first half of 2016.
But insider threats still play a predominate role in healthcare breaches. According to Protenus, 41% of data breaches in 2017 were tied to insider error or wrongdoing, which compromised nearly 1.2 million patient records. In 2016, 2 million records were tied to insider activity.
Likewise, Beazley’s stats indicated that unintended disclosures made up 42% of healthcare breaches in the first half of 2016, while hacks and malware accounted for 18%.
That’s a disconcerting trend, Protenus President Robert Lord said in a webinar on Wednesday. Despite increased awareness around cybersecurity, healthcare organizations aren’t bending the curve.
Dissent, a licensed healthcare professional that operates Databreaches.net added that she’s not optimistic about the remainder of 2017, adding that she’ll be “looking for coffee, Prozac and chocolate" to combat the stress of more breach reports.
“I see this year as really being a horrible one,” she said.