The healthcare sector was dealt a rough cybersecurity hand in 2016. Department of Health and Human Services’, which tracks all reported breaches in the healthcare field, recorded 310 incidents for the year (affecting a minimum of 500 people in each case). All together, these breaches added up to affect a staggering 16.1 million people.
The chart below, pulled from the Department of Health and Human Services, lists the 10 biggest healthcare breaches of 2016.
Business
State
Individuals Affected
Submission Date
Type of Breach
Banner Health
AZ
3,620,000
8/3/16
Hacking/IT Incident
Newkirk Products, Inc.
NY
3,466,120
8/9/16
Hacking/IT Incident
21st Century Oncology
FL
2,213,597
3/4/16
Hacking/IT Incident
Valley Anesthesiology Consultants, Inc. d/b/a Valley Anesthesiology and Pain Consultants
AZ
882,590
8/12/16
Hacking/IT Incident
County of Los Angeles Departments of Health and Mental Health
CA
749,017
12/16/16
Hacking/IT Incident
Bon Secours Health System Incorporated
MD
651,971
8/12/16
Unauthorized Access/Disclosure
Peachtree Orthopedic Clinic
GA
531,000
11/18/16
Hacking/IT Incident
California Correctional Health Care Services
CA
400,000
5/15/16
Theft
Community Health Plan of Washington
WA
381,504
12/21/16
Hacking/IT Incident
We previously profiled Banner Health and the impact it had on the healthcare industry; this turned out to be the biggest breach of the year.
You’ll notice that the overwhelming majority of these attacks are of the hacking/IT Incident category, or in other words, cyber-attacks. Gov Info Security reports that, “Since federal regulators began keeping track of major health data breaches in September 2009, they’ve listed 1,785 breaches affecting nearly 171 million individuals on the official tally. Of those, only 258 breaches are listed as hacking/IT incidents, but those affected a whopping 129 million individuals.”
Why Healthcare?
What we see on this chart points to a future where taking a proactive cybersecurity stance becomes even more important. Healthcare is a prime target for cyber criminals for a very basic reason – the sheer wealth of patient information healthcare providers store digitally. By breaching a healthcare entity, attackers have stories of valuable, personal data to choose from.
This means that these attacks aren’t likely to go away any time soon. And as cyber-attacks and crime continue to grow more prominent in our society, our collective standards for cybersecurity must continue to grow. The breach report above shows just how devastating these attacks can be, with the top two breaches alone affecting over seven million people.
While advancements in the fight against ransomware have helped slow this wave, healthcare organizations must stay especially aware of new threats, including the harnessing of IoT devices to carry out attacks.
For more on what to expect in cybersecurity for 2017, click here.