Breaches Cost US Healthcare Organizations $13bn in 2020

Last year saw a double-digit surge in the volume of healthcare data breach incidents in the US, with over 26 million people affected, according to Bitglass.

The cloud security firm’s seventh annual Healthcare Breach Report was compiled from US Department of Health and Human Services records of breached protected health information (PHI).

It revealed that incidents increased by over 55% on 2019 figures to reach 599 breaches in the sector, impacting over 26.4 million people.

The vast majority (67%) were down to “hacking and IT incidents” stemming from external attackers. This category also accounted for larger breaches than the others, amounting to over 91% of compromised records.

Loss or theft of endpoint devices came next, accounting for over 584,000 individuals affected, followed by unauthorized disclosure of data by internal parties or systems (763,000). The “other” category of miscellaneous breaches and leaks impacted over 584,000 patients.

Although the number of victims dropped slightly from the 27.5 million recorded in 2019, the average cost per breached record increased from $429 to $499 over the period. That means healthcare organizations were on the hook for $13.2bn as a result of breaches last year. The sector also comes top of IBM's Cost of a Data Breach list, with an average of over $7.1m per breach.

“The vast majority of healthcare organizations process and store protected health information (PHI) such as Social Security numbers, medical history and other personal data. It is no surprise that these entities would be targeted by malicious cyber-criminals seeking to access sensitive data for monetary gain,” said Anurag Kahol, CTO of Bitglass.

“The exceedingly high number of hacking and IT incidents highlight the shifting strategies of malicious actors. As healthcare organizations continue to embrace cloud migration and digital transformation, they must leverage the proper tools and strategies to successfully protect patient records and respond to the growing volume of threats to their IT ecosystems.”

Healthcare organizations across the US and beyond have also had to contend with a surge in ransomware attacks, many of them also stealing sensitive data, as cyber-criminals sensed that hospitals would be distracted by the fight against COVID-19.

What’s Hot on Infosecurity Magazine?