Healthcare can't seem to get a break. It's barely passed the halfway mark for 2023, and it's been slammed in newsfeeds. Breaches in healthcare cybersecurity are estimated to affect more than 40 million Americans, potentially surpassing last year's 52 million cyber break-ins.
We cover the 10 largest healthcare data breaches so far this year and the costs from each one. We then look at why the sector is such a target. Finally, we finish by offering solutions ranging from medical computers, which are available now, to upcoming technologies like artificial intelligence.
10 Healthcare Companies With Largest Data Breaches in 2023
The Office for Civil Rights, part of the Department of Health and Human Services (HHS), reports healthcare data breaches have risen by 30 percent compared to last year. The compromised data is primarily composed of electronic medical records (EMR) and protected health information (PHI), though some personal health records (PHR) linked to the first two have also been illegally accessed.
The following breaches have affected at least half a million people each. In total, more than 30 million Americans had their information stolen electronically in one form or another during the past six months. From the largest to the smallest, the breaches include:
Managed Care of North America
The private data of nearly nine million Americans was compromised by this breach of the dental insurance company. Full names, Social Security Numbers (SSN), insurance details, and dental records were some of the information stolen by the criminal elements.
PharMerica Corporation
Names and their associated SSNs, medication, and insurance information of nearly six million Americans were involved in this breach.
Regal Medical Group
Data stolen involved nearly four million people. They included names, SSN, diagnosis and treatment information, health plan member numbers, prescriptions, and lab results.
Cerebral, Inc.
HHS says more than 3.1 million people are affected in this breach. Information stolen included names, phone numbers, etc., as well as any mental health self-assessments taken.
NationsBenefits Holdings
HHS says the NationsBenefits breach affected more than three million patients.
Harvard Pilgrim Health Care
Names, addresses, birthdates, SSN, and clinical information of nearly three million Americans were compromised.
Enzo Clinical Labs
Nearly three million records were involved in this breach, which primarily involved patient names and clinical test information.
ZOLL Medical Corporation
Cyber criminals stole around a million individuals' personal information.
Community Health Systems
Nearly a million members of this hospital system are possibly affected by this breach, according to the health department. Possibly disclosed information ranges from names and addresses to diagnosis and medication data.
CentraState Healthcare System
Similar to Community above, New Jersey-based CentraState Healthcare System saw the records of more than 617,000 people illegally accessed by cyber criminals. Dates of service, diagnoses, treatment plans, and prescription info are just some of the data involved in the breach.
The financial costs to already strained medical centers and hospitals are staggering. Earlier this year, IBM released a report indicating healthcare data breaches cost an organization on average between $4.45 - $4.75 million in 2023. That's an 8 percent increase from last year. Many of these numbers do not count penalties from non-compliance with the Health Insurance Portability and Accountability Act (HIPAA) or the rising premiums of cyber insurance.
Four Reasons Why Data Breaches Happen in Healthcare
Cyber criminals target the healthcare sector at a higher rate and frequency than other industries. Reasons vary, but cybersecurity experts point out that most healthcare data breaches fall under one or more of the following four categories:
Patient Information
Private patient information is worth a lot of money to the criminal element. Health records, especially, are a particularly lucrative target. While social security numbers are valued at around $1 each, and credit card information can fetch between $5 and $100, a patient's personal and medical records can easily be worth thousands. And unlike bank accounts and credit cards, which can be easily closed, EMRs cannot. This allows criminals to use them to obtain everything from new insurance policies to controlled substances.
Medical Devices
Today's healthcare system is highly technological. Advances in digital technology like the Internet of Medical Things (IoMT) and cloud storage make it easier than ever for providers and staff to access patients' most current health information. Unfortunately, this offers many digital "entry points" for hackers to reach where that information is stored. Also, the number of devices used in hospitals makes it difficult, if not impossible, for healthcare IT to stay on top of their security.
Remote Data Access
Healthcare organizations employ hundreds, if not thousands, of personnel. This includes not only direct hires, but contractors as well. This creates a sprawling IT infrastructure with sensitive information spread across data centers, the cloud, file servers, storage, smartphones, laptops, medical grade tablets, computers, and more. Unfortunately, this creates yet more entry points for hackers.
Work Overload
Finally, medical professionals, overwhelmed by their large workloads, will typically push privacy measures to low priority. This is especially true if they come at the expense of any disruption in workflow to providing patient care. It's estimated that employee negligence accounts for over 80 percent of healthcare data breaches. This is worsened as cybersecurity receives only about six percent of most healthcare IT's budget.
Three Ways to Prevent Healthcare Data Breaches
Once, a medical clinic or hospital could simply protect patient data by locking a file cabinet or records room. That's no longer an option in today's highly networked world of databases. Here are some cybersecurity strategies healthcare IT can use to secure patient data and other forms of sensitive information.
Identification
Make sure the medical-grade computers and tablets used throughout the organization are equipped with biometric, smart card, and other forms of ID verification features. This ensures only authorized medical staff have access and makes it easier to trace any internal breaches.
Medical Device Legacy Support
Legacy devices in healthcare are medical systems generally no longer supported by their original manufacturers. This means they can act as entry points for breaches, as many may not have the latest cybersecurity features. Medical box PCs and similar computers can be had with legacy ports. This allows them to attach to the devices and offer protection to the data streaming through them.
Cybersecurity by AI
Artificial intelligence (AI) is rapidly making inroads in cybersecurity. Its ability to process and monitor healthcare's massive amounts of data in real time makes AI perfect for detecting and countering cyberattacks like malware.
Closing Thoughts
Healthcare data breaches are unauthorized access to private medical information like EMR and PHI. For 2023, the 10 largest breaches affect more than 30 million patients in the US and the number looks to continue to grow.
If your medical group, hospital, or both are interested in learning how to protect patient data, contact an expert here at Cybernet. Data breaches are not only expensive but potentially dangerous to a patient's well-being. Our experts will happily go over how medical computers can minimize such attacks both in the short- and long-term.