More than 50.4M patient records breached as threat actors exploit pandemic disruptions
Over 50 million patient records were breached in 2021, according to a new report released today, the Protenus Breach Barometer®. Published by Protenus, a healthcare compliance analytics company that protects patient data for the nation’s leading health systems, the Breach Barometer is the industry’s definitive source for health data breach reporting.
In 2021, the healthcare industry faced rising supply costs, higher salaries, and critical staffing shortages exacerbated by COVID-19 on top of the continued challenge of employee retention and satisfaction, patient safety, and organizational success. Although bad actors have relentlessly exploited healthcare’s weak spots for years, continuous disruption made the industry an even bigger target for data breaches in 2021. There were 905 reported health data breaches in 2021, up 19% from 758 reported in 2020.
To download the full report, or for more information, please visit: https://www.protenus.com/resources/2022-breach-barometer
The single largest breach in 2021 was the result of a hacking incident involving the IT business associate of a children’s health plan based in Tallahassee, Florida. Hackers exploited vulnerabilities in the health plan’s website that the web hosting provider hadn’t patched or addressed, gaining access to information including full names, birth dates, email addresses, phone numbers, addresses, Social Security numbers, financial information, familial relationships, and secondary insurance data. The incident affected as many as 3,500,000 individuals who applied for health insurance between 2013 and December 2020.
The Breach Barometer findings also note that insider incidents continued to be a risk, accounting for more than one in 10 healthcare data breaches. Insider behavior can, and often does, give outsiders a foothold for improper access to patient data and may have provided an entryway for the many hacking incidents that accounted for the majority of breaches in 2021.
Nick Culbertson, CEO of Protenus, remarked on the severity of the insider incidents, noting, “The need for proactive patient privacy monitoring has never been greater. The threats we’re seeing today are much more intrusive than in years past and can come from multiple sources — a random employee snooping or a sophisticated cybersecurity hacker that gains access through an employee channel. Once a breach erodes patient trust in your organization, that’s extremely difficult to recover from.”
Incidents included in the analyses for this report were compiled and analyzed by DataBreaches.net, with additional research and analyses provided by Protenus.
Protenus’ AI-driven patient privacy monitoring and drug diversion solutions help hospitals and health systems ensure health data is safe and being used appropriately. Founded in 2014, Protenus was named one of the 2021 CBInsights Digital Health 150, is a three-time winner of Forbes’ America’s Best Startup Employers, and was named one of The Best Places to Work in Healthcare by Modern Healthcare and one of the Best Places to Work in Baltimore by the Baltimore Business Journal and the Baltimore Sun.