The healthcare sector was dealt a rough cybersecurity hand in 2016. Department of Health and Human Services’, which tracks all reported breaches in the healthcare field, recorded 310 incidents for the year (affecting a minimum of 500 people in each case). All together, these breaches added up to affect a staggering 16.1 million people.

The chart below, pulled from the Department of Health and Human Services, lists the 10 biggest healthcare breaches of 2016.

Business State Individuals Affected Submission Date Type of Breach
Banner Health AZ

 

3,620,000

 

8/3/16

 

Hacking/IT Incident

 

Newkirk Products, Inc.

 

NY

 

3,466,120

 

8/9/16

 

Hacking/IT Incident

 

21st Century Oncology

 

FL

 

2,213,597

 

3/4/16

 

Hacking/IT Incident

 

Valley Anesthesiology Consultants, Inc. d/b/a Valley Anesthesiology and Pain Consultants

 

AZ

 

882,590

 

8/12/16

 

Hacking/IT Incident

 

County of Los Angeles Departments of Health and Mental Health

 

CA

 

749,017

 

12/16/16

 

Hacking/IT Incident

 

Bon Secours Health System Incorporated

 

MD

 

651,971

 

8/12/16

 

Unauthorized Access/Disclosure

 

Peachtree Orthopedic Clinic GA

 

531,000

 

11/18/16

 

Hacking/IT Incident

 

California Correctional Health Care Services

 

CA

 

400,000

 

5/15/16

 

Theft
Community Health Plan of Washington

 

WA

 

381,504

 

12/21/16

 

Hacking/IT Incident

 

We previously profiled Banner Health and the impact it had on the healthcare industry; this turned out to be the biggest breach of the year.

You’ll notice that the overwhelming majority of these attacks are of the hacking/IT Incident category, or in other words, cyber-attacks. Gov Info Security reports that, “Since federal regulators began keeping track of major health data breaches in September 2009, they’ve listed 1,785 breaches affecting nearly 171 million individuals on the official tally. Of those, only 258 breaches are listed as hacking/IT incidents, but those affected a whopping 129 million individuals.”

Why Healthcare?

What we see on this chart points to a future where taking a proactive cybersecurity stance becomes even more important. Healthcare is a prime target for cyber criminals for a very basic reason – the sheer wealth of patient information healthcare providers store digitally. By breaching a healthcare entity, attackers have stories of valuable, personal data to choose from.

This means that these attacks aren’t likely to go away any time soon. And as cyber-attacks and crime continue to grow more prominent in our society, our collective standards for cybersecurity must continue to grow. The breach report above shows just how devastating these attacks can be, with the top two breaches alone affecting over seven million people.

While advancements in the fight against ransomware have helped slow this wave, healthcare organizations must stay especially aware of new threats, including the harnessing of IoT devices to carry out attacks.

For more on what to expect in cybersecurity for 2017, click here.