The Final Tally: Healthcare Breaches in 2016 The healthcare sector was dealt a rough cybersecurity hand in 2016. Department of Health and Human Services’, which tracks all reported breaches in the healthcare field, recorded 310 incidents for the year (affecting a minimum of 500 people in each case). All together, these breaches added up to affect a staggering 16.1 million people. The chart below, pulled from the Department of Health and Human Services, lists the 10 biggest healthcare breaches of 2016.
Business State Individuals Affected Submission Date Type of Breach
Banner Health AZ   3,620,000   8/3/16   Hacking/IT Incident  
Newkirk Products, Inc.   NY   3,466,120   8/9/16   Hacking/IT Incident  
21st Century Oncology   FL   2,213,597   3/4/16   Hacking/IT Incident  
Valley Anesthesiology Consultants, Inc. d/b/a Valley Anesthesiology and Pain Consultants   AZ   882,590   8/12/16   Hacking/IT Incident  
County of Los Angeles Departments of Health and Mental Health   CA   749,017   12/16/16   Hacking/IT Incident  
Bon Secours Health System Incorporated   MD   651,971   8/12/16   Unauthorized Access/Disclosure  
Peachtree Orthopedic Clinic GA   531,000   11/18/16   Hacking/IT Incident  
California Correctional Health Care Services   CA   400,000   5/15/16   Theft
Community Health Plan of Washington   WA   381,504   12/21/16   Hacking/IT Incident  
We previously profiled Banner Health and the impact it had on the healthcare industry; this turned out to be the biggest breach of the year. You’ll notice that the overwhelming majority of these attacks are of the hacking/IT Incident category, or in other words, cyber-attacks. Gov Info Security reports that, “Since federal regulators began keeping track of major health data breaches in September 2009, they’ve listed 1,785 breaches affecting nearly 171 million individuals on the official tally. Of those, only 258 breaches are listed as hacking/IT incidents, but those affected a whopping 129 million individuals.”

Why Healthcare?

What we see on this chart points to a future where taking a proactive cybersecurity stance becomes even more important. Healthcare is a prime target for cyber criminals for a very basic reason – the sheer wealth of patient information healthcare providers store digitally. By breaching a healthcare entity, attackers have stories of valuable, personal data to choose from. This means that these attacks aren’t likely to go away any time soon. And as cyber-attacks and crime continue to grow more prominent in our society, our collective standards for cybersecurity must continue to grow. The breach report above shows just how devastating these attacks can be, with the top two breaches alone affecting over seven million people. While advancements in the fight against ransomware have helped slow this wave, healthcare organizations must stay especially aware of new threats, including the harnessing of IoT devices to carry out attacks. For more on what to expect in cybersecurity for 2017, click here.