Q2 Healthcare Data Breaches Exposed 3.15 Million Records

A continuing sign that the healthcare industry needs to strengthen its security capabilities: in the second quarter of 2018, an estimated 3.15 million patient records were compromised over the course of 142 breaches. Healthcare hacking incidents nearly doubled, making up 52 breaches in Q2, up from 30 breaches in Q1, based on data from Health and Human Services and other resources. Within those incidents:

• 44 hacks affected 2.1 million patient records
• Seven incidents involved ransomware/malware, and
• 10 were part of a phishing attack.

Among the most alarming trends, insiders were responsible for 31% of breaches in Q2. More than nine out of 1,000 healthcare employees breached patient privacy – up from five in Q1. The most common type of this breach: employees snooping on their own family members. 30% of privacy violations involved repeat offenders – if an employee breaches patient privacy once, there’s at least a 30% chance they will do it again within 3 months – and a 66%+ chance they’ll do it again within a year. Unfortunately, part of the porous nature of patient data is due to the stretched capabilities of security teams. In Q2, each hospital investigator is responsible for monitoring the access of an average 4,000 active users at 2.5 facilities.