Healthcare providers, health plans accounted for most breaches, patient records exposed

Between 2010 and 2017, healthcare providers and health plans accounted for the most breaches and largest number of patient records compromised from breaches, according to a research letter published in JAMA.

In the letter, authors Thomas McCoy Jr., MD, and Roy Perlis, MD, analyzed data breaches reported to the Department of Health and Human Services Office of Civil Rights between 2010 and 2017.

According to data, there were 2,149 breaches that comprised a total of 176.4 million records during that period. The reported breaches ranged in size from 500 to 78.8 million records. The number of breaches also increased each year.

Healthcare providers were the most common entities breached, with 1,503 breaches and a total of 37.1 million health records compromised. Health plans accounted for the largest share of breached records, with 278 breaches and 110.4 million records compromised.

“The greatest numbers of records breached were accessed via network-connected information,” the authors said. “As the type of data breached shifted toward electronic records and away from paper records, the nature of the breach likewise shifted toward electronic means, such as hacking.”

With an increasing amount of breaches in the healthcare industry, the authors suggested data security be improved to ensure patient records remain safe.

“Although networked digital health records have the potential to improve clinical care and facilitate learning health systems, they also have the potential for harm to vast numbers of patients at once if data security is not improved,” the authors concluded.