• This is an increase of 65% when compared to 14 million individuals affected in 2018.
• Hacking was cited as the major reason for most of the data breaches reported.

New data gathered by Fortified Health Security has revealed that 40 million Americans have been affected by healthcare data breaches that occurred in 2019. This is an increase of 65% when compared to 14 million individuals affected in 2018.

More details from the study

• The 2020 report, titled ‘The State of Cybersecurity in Healthcare’, has compiled yearly data from 2009 through 2019 and found that more than 189 million records have been breached over the last decade.
• Hacking was cited as the major reason for 59% of data breach incidents reported. It was found that the cybercriminals used phishing emails to launch most of the attacks against healthcare in 2019.
• The report also highlights that provider organizations continue to be the most targeted and successfully breached segment of healthcare. In 2019 alone, more than 334 provider entities were breached, affecting the personal details of 22.7 million patients.
• Other segments in healthcare sectors that experienced a year-over-year increase in reported data breaches were health plans and business associates.

Strict agreements under OCR

In the first 10 months of 2019, a total of eight resolution agreements were made between the Office for Civil Rights (OCR) and healthcare organizations. Each agreement included a steep fine, averaging more than $1.6 million, and corrective action plans that the organization is required to make to improve its cybersecurity program.

Bottom line

The Radware 2018-2019 Global Application and Network Security Report had disclosed that the average healthcare organizations are spending $1.4 million to recover from a cyberattack. In addition to these, the U.S healthcare system is spending hundreds of billions of dollars annually to boost its administrative costs and data loss prevention initiatives. As adversaries continue to utilize email as their weapon of choice, it is also very critical that every healthcare organization should develop and implement a simulated phishing program to make their cybersecurity effective and resilient.