Theft and disclosures account for most healthcare data breaches. But hackers took 3 times as many records

Over the last decade, healthcare organizations have been far more likely to report a data breach due to theft or an unauthorized disclosure.

Hacking, meanwhile, is much less common. But attackers make off with far more patient records.

In a new study published in JAMA Internal Medicine on Monday, researchers analyzed 1,138 healthcare breaches reported to the Department of Health and Human Services between 2009 and 2017. Two-thirds of those incidents were the result of theft—typically by an outsider or unknown party—or unauthorized disclosure, such as mailing mistakes that inadvertently disclosed sensitive information.

Hacking was far less common, accounting for just 20% of reported incidents. But hackers took 133.8 million patient records, more than half of the total patient records impacted during the nine-year span. Theft and unauthorized disclosures accounted for 42.5 million records combined.

RELATED: JAMA study examines variation in type, extent of health data breaches over time

“Healthcare entities must understand the causes of PHI breaches if they aim to effectively manage the trade-off between wider access or higher efficiency and more security,” the researchers from Michigan State University and Johns Hopkins Carey Business School wrote.

RELATED: Anthem pays record $16M settlement to HHS for 2015 data breach

The researchers used detailed breach descriptions published by HHS in March to confirm categorizations reported by each company and differentiate cases that involved paper or electronic records. Just over half were attributable to the organization’s own mistakes or neglect, and most breaches were located on mobile devices.

“Common corrective actions included encrypting and restricting the use of mobile devices when the breached PHI had been stored in those devices; digitizing PHI and enhancing the safety of the storage facility in which paper records were stored; and monitoring or auditing access to and strengthening firewalls for network servers or the cloud,” the researchers wrote.