In 2015, there were 255 data breaches affecting 500 or more individuals reported to the HHS Office of Civil Rights data breach notification portal, and these breaches affected a total of more than 112 million health records.
With the United States population nearing 322.8 million on Dec. 31, approximately 34.7 percent of the population's health records were compromised last year.
Additionally, the three biggest healthcare data breaches of all time were reported in 2015, and the five biggest breaches of the year — including the cyberattacks on Indianapolis-based Anthem and Mountlake Terrace, Wash.-based Premera Blue Cross — alone affected 108.2 million individuals.
A Forbes report indicates 90 percent of the 10 biggest breaches of the year were labeled as "Hacking/IT Incident" on the HHS OCR's database, and it predicts the healthcare industry will continue to be targeted and attacked in the upcoming year.
"In a data-driven world, medical information is just too lucrative and too easy to steal at scale," according to the report. "As long as that's the case…we should reasonably expect more of the same for 2016."
Mike Willingham, vice president of quality assurance and regulatory affairs at Caradigm, says the source of data breaches in 2015 is significant, as it indicates a shift away from negligence and toward premeditated attacks.
"Prior to this past year, the majority of healthcare breaches were related to lost or stolen computing and data storage devices that were unencrypted. This 2015 report highlights a significant turning point for the healthcare information security community, with external hackers infiltrating large companies with substantial data sets, as the market value of healthcare data has increased," he says. "In all cases, these cyberattacks were active for months before being detected. The lack of automated access controls and the lack of effective active network monitoring were exposed as key vulnerabilities. To combat the increasing risk of external hackers (as well as malicious insider attacks), organizations should plan for technology and personnel investments in these critical areas of data security management."
Editor's note: This article was updated Jan. 6, 2016 at approximately 4:06 pm CST to include commentary from Mike Willingham.