The healthcare sector was dealt a rough cybersecurity hand in 2016. Department of Health and Human Services’, which tracks all reported breaches in the healthcare field, recorded 310 incidents for the year (affecting a minimum of 500 people in each case). All together, these breaches added up to affect a staggering 16.1 million people.
The chart below, pulled from the Department of Health and Human Services, lists the 10 biggest healthcare breaches of 2016.
Business | State | Individuals Affected | Submission Date | Type of Breach |
Banner Health | AZ
|
3,620,000
|
8/3/16
|
Hacking/IT Incident
|
Newkirk Products, Inc.
|
NY
|
3,466,120
|
8/9/16
|
Hacking/IT Incident
|
21st Century Oncology
|
FL
|
2,213,597
|
3/4/16
|
Hacking/IT Incident
|
Valley Anesthesiology Consultants, Inc. d/b/a Valley Anesthesiology and Pain Consultants
|
AZ
|
882,590
|
8/12/16
|
Hacking/IT Incident
|
County of Los Angeles Departments of Health and Mental Health
|
CA
|
749,017
|
12/16/16
|
Hacking/IT Incident
|
Bon Secours Health System Incorporated
|
MD
|
651,971
|
8/12/16
|
Unauthorized Access/Disclosure
|
Peachtree Orthopedic Clinic | GA
|
531,000
|
11/18/16
|
Hacking/IT Incident
|
California Correctional Health Care Services
|
CA
|
400,000
|
5/15/16
|
Theft |
Community Health Plan of Washington
|
WA
|
381,504
|
12/21/16
|
Hacking/IT Incident
|
We previously profiled Banner Health and the impact it had on the healthcare industry; this turned out to be the biggest breach of the year.
You’ll notice that the overwhelming majority of these attacks are of the hacking/IT Incident category, or in other words, cyber-attacks. Gov Info Security reports that, “Since federal regulators began keeping track of major health data breaches in September 2009, they’ve listed 1,785 breaches affecting nearly 171 million individuals on the official tally. Of those, only 258 breaches are listed as hacking/IT incidents, but those affected a whopping 129 million individuals.”
Why Healthcare?
What we see on this chart points to a future where taking a proactive cybersecurity stance becomes even more important. Healthcare is a prime target for cyber criminals for a very basic reason – the sheer wealth of patient information healthcare providers store digitally. By breaching a healthcare entity, attackers have stories of valuable, personal data to choose from.
This means that these attacks aren’t likely to go away any time soon. And as cyber-attacks and crime continue to grow more prominent in our society, our collective standards for cybersecurity must continue to grow. The breach report above shows just how devastating these attacks can be, with the top two breaches alone affecting over seven million people.
While advancements in the fight against ransomware have helped slow this wave, healthcare organizations must stay especially aware of new threats, including the harnessing of IoT devices to carry out attacks.
For more on what to expect in cybersecurity for 2017, click here.