Healthcare remains prime target for hackers

Healthcare data breaches have risen nearly every year from 2010 through 2017 and the security risks jeopardize hundreds of millions of patient records, according to a new study.

Healthcare organizations experienced more than 2,149 data breaches from 2010 to 2017, an analysis published Tuesday in JAMA found. Data breaches increased every year except 2015, jumping from 199 in 2010 to 344 in 2017, based on data from HHS' Office for Civil Rights. All in all, 176.4 million patient records were impacted.

Providers accounted for 70% of the data breaches at 1,503 incidents, but only 21% of the compromised records. Health insurer data breaches made up 13% of the total incidents, and their share has been declining since 2015. However, insurer breaches compromised the most patient records, at 110.4 million.

"A small number of breaches account for the majority of records breached," said Dr. Thomas McCoy, director of research at Massachusetts General Hospital's Center for Quantitative Health and lead author of the study.

Although physical theft used to be the data breach method of choice, now hacking has become the most prevalent method. That partly stems from more information being stored electronically and network servers becoming a more attractive hacking target.

Laptop, paper and film data breaches compromised 1.7 million patient records in 2010 compared to 1.1 million from network servers. By 2017, network server data breaches affected more than 139 million records compared to 35.2 million from breaches involving desktop computers, laptops, electronic health records, email, paper and film combined.

There have been more than 220 healthcare data breaches from January to July 2018 and more than 6.1 million patient records have been affected, according to a report in HIPAA Journal published in August.