More than 15 million U.S. patient health records were breached in 2018, according to a Protenus report.
The report, part of the "Protenus Breach Barometer" series, analyzed healthcare breaches reported to HHS or disclosed to the media last year. The report is based on 503 health data breaches reported to HHS. Protenus has data on 417 of those incidents.
Eight report highlights:
1. There was a slight increase in reported data breaches from 2017, which saw 477 breaches compared to 503 in 2018.
2. The single largest incident in 2018 was the result of a hack on a business associate of a North Carolina-based health system, affecting 2.65M patient records.
3. Hacking was the most common type of data breach in 2018, accounting for 44.22 percent of all incidents, followed by insider error or wrongdoing (28.09 percent) and loss or theft (14.34 percent). Another 13.35 percent of incidents were due to unknown causes.
4. Roughly 2,056,138 patient records were breached because of an insider error, while 386,469 records were breached because of insider wrongdoing.
5. Of the 503 incidents in 2018, 353 (or 70 percent) involved healthcare providers; 62 (or 12 percent) involved health plans; and 39 (or 8 percent) involved some other type of entity.
6. Although most healthcare organizations have digitized patient records, 89 incidents in 2018 involved paper records.
7. The longest it took an organization to uncover a data breach was 15 years, while the shortest time it took an organization to uncover a data breach was one day.
8. California had the most reported incidents with 63, followed by Texas with 38, and Florida with 31. Two states — Delaware and South Dakota — reported no healthcare data breaches in 2018.
To download the complete report, click here.