Report: Healthcare Data Breaches Hit All-Time High in 2016 | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Report: Healthcare Data Breaches Hit All-Time High in 2016

May 4, 2017
by Rajiv Leventhal
| Reprints
The number of actual records breached appears to be slowing down some, according to the findings

Healthcare data breaches hit an all-time high (328) in 2016, surpassing the previous record set in 2015 (268). And, records of approximately 16.6 million Americans were exposed as a result of hacks, lost or stolen devices, unauthorized disclosure and more.

These latest statistics on healthcare breaches comes from Bitglass, a Campbell, Calif.-based total data protection company. The third annual healthcare breach report aggregated data from the U.S. Department of Health and Human Services’ Wall of Shame—a database of breach disclosures required as part of the Health Insurance Portability and Accountability Act (HIPAA)—to identify the most common causes of data leakage.

The report does offer some good news, however—despite the fact that records of more than 16 million Americans were exposed last year, that overall number of compromised records has declined for the second year in a row and early indications suggest that those numbers will continue to decline in 2017. So far in 2017, 1.5 million American records have been breached, according to the research. And while the Anthem breach that affected 78 million Americans skewed the numbers in 2015, even excluding that outlier, less than half as many customer records were leaked in 2016 as in 2015.

The 2016 year-in-review Breach Barometer report from Protenus painted a similar stark picture for last year—2016 averaged at least one health data breach per day, affecting more than 27 million patient records, that report found. Another recent report from IBM Security found that in 2016, 12 million records were compromised in healthcare—keeping it out of the top five most-breached industries. That research revealed that hackers were indeed focusing on smaller targets, thus resulting in a lower number of leaked records.

Other key Bitglass report findings include:

● Unauthorized disclosures are now the leading cause of breaches, as they accounted for nearly 40 percent of breaches in 2016.

● Hacking and IT incidents continue to pose the greatest risk; the volume of records that leak because of hacking is greater than all other breach events combined.

● All five of the largest breaches were the result of hacking and IT incidents in 2016. To put that in perspective, 80 percent of leaked records in 2016 were the result of hacking. So far in 2017, the largest breach was the result of theft and the four next largest breaches were due to hacking.

According to data from the Ponemon Institute, the average breach costs U.S. companies is $221 per lost record, which is up from $217 per record in 2015. The cost per leaked record for healthcare firms topped $402 in 2016.

“Breaches and information leaks are unavoidable in every industry, but healthcare remains one of the biggest targets,” said Nat Kausik, CEO, Bitglass. “While threats to sensitive healthcare data will persist, increased investments in data-centric security and stronger compliance and disclosure mandates are driving down the impact of each breach event.”

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Boston Children's Accelerates Data-Driven Approach to Clinical Research

In an effort to bring a more data-driven approach to clinical research, Boston Children’s Hospital has joined the TriNetX global health research network.

Paper Records, Films Most Common Type of Healthcare Data Breach, Study Finds

Despite the high level of hospital adoption of electronic health records and federal incentives to do so, paper and films were the most frequent location of breached data in hospitals, according to a recent study.

AHA Appoints Senior Advisor for Cybersecurity and Risk

The American Hospital Association (AHA) has announced that John Riggi has joined the association as senior advisor for cybersecurity and risk.

Report: Healthcare Accounted for 45% of All Ransomware Attacks in 2017

Healthcare fell victim to more ransomware attacks than any other industry in 2017, according to a new report from global cybersecurity insurance company Beazley.

Study: Use of EHRs Does Not Reduce Administrative Costs

A recent study by Duke University and Harvard Business School researchers found that costs for processing a single bill ranged from $20 for a primary care visit to $215 for an inpatient surgical procedure, or up to 25 percent of revenue.

Kibbe to Step Down as CEO of DirectTrust

David Kibbe, M.D., M.B.A., announced he would step down as president and CEO of DirectTrust at the end of the year.