Report Finds Health Sector Has Suffered Over 5,000 Breaches Since 2009

A report recently issued by Comparitech has found that almost 5,000 healthcare breaches have been reported to the Department of Health and Human Services’ Office for Civil Rights’ (OCR) data breach portal since 2009. The breaches involved more than 342 million medical records. 

The researchers at Comparitech evaluated data from the period between 2009 to June 2022 to determine which states in the United States experience the most medical data breaches and how many medical records are exposed annually. Additionally, the researchers examined from January 2021 to June 2022 in-depth to determine their main causes and the healthcare organizations they most severely impacted. The study focused on data breaches that have devastated healthcare organizations, many of which resulted in the misuse of a patient’s confidential medical information, endangering their health and, in some cases, their lives. Healthcare systems can frequently fall offline as a result of breaches, depriving medical personnel of vital information. Social Security numbers, health insurance details, prescription drug information, medical histories, and even financial information related to medical bills may all be accessible to threat actors.

The researchers found that the health sector suffered 803 data breaches, involving the exposure of 46.6 million records. The number accounts for nearly one-fifth of all breaches since 2009. Experts believe this is a result of the healthcare industry’s focus on the pandemic, which provided cybercriminals with great opportunity. 2021 and 2019 followed closely behind in the number of data breaches, indicating that the amount of healthcare data breaches is only increasing over time. 2022 has only experienced 151 breaches and approximately 8 million records. Nevertheless it is expected that these numbers will increase in the upcoming months given the high number of breaches that are reported months after they occur. The study noted that 2015 saw the highest number of records exposed in a single year with more than 112 million in total. Based on HHS data, researchers also provided a breakdown of healthcare data breaches by state. However, it must be noted that the states with the largest number of breaches also have some of the highest populations in the nation. The situation was different when it came to the amount of affected records. Due mostly to the 2015 Anthem hack, Indiana accounted for 87.2 million, or approximately 25 percent of all affected records. New York reported the second most with 25 million records. 

According to the number of disclosed records, Comparitech’s researchers listed the top five largest healthcare data breaches since 2009. The list is as follows:

  1. Anthem Inc. = 78.8 million records affected, 2015. 
  2. Optum360, LLC = 11.5 million records affected, 2018-19.
  3. Premera Blue Cross = 11 million records affected, 2014-15.
  4. Laboratory Corporation of America Holdings, dba LabCorp = 10.2 million records affected, 10.2 million.
  5. Excellus Health Plan = 9.3 million records affected.

The researchers identified that the top five biggest data breaches come from several years ago. So while there is an increase in the number of records exposed annually, this is a result of a higher volume of attacks rather than larger, less often breaches.