Over 113 million health records breached in 2015 - up 10-fold from 2014

Over 113 million health records breached in 2015 - up 10-fold from 2014

One out of every three Americans was affected by a healthcare record breach last year


One out of every three Americans was affected by a healthcare record breach last year, or more than 113 million people, up more than 10-fold from 12.6 million in 2014, according to a report released this morning by Bitglass.

Types of breaches changed dramatically, as well. In 2014, 68 of breached medical records were due to lost or stolen devices, but that percentage dropped to 2 percent last year.

Instead, in 2015, 98 percent of lost records were due to large-scale breaches.

"Lost and stolen devices have traditionally been the biggest source or compromised medical records," said Rich Campagna, vice president of products at Bitglass. "And that's completely switched."

One reason is that financial institutions have worked hard to reduce the value of stolen credit card numbers, he said, by quickly canceling and re-issuing stolen cards. Healthcare information, however, which includes insurance data, addresses, Social Security numbers and birth dates, continues to hold its value over time.

Meanwhile, healthcare organizations have locked down their devices.

There were a total of 140 breaches in 2014 due to loss or theft, and that dropped to just 97 last year.

"Last year, a much higher percentage of devices have shipped with encryption enabled," Campagna said.

Cyber attackers tended to use standard methods to compromise healthcare organizations last year, he added, using phishing to get employee credentials than leveraging those credentials to get at the data itself.

"It's striking how run-of-the-mill these attacks have been," he said.

He recommended that companies train employees to spot phishing attacks, keep an eye out for similar-looking domains used to host spoofed corporate login or HR screens, and introduce two-factor authentication for suspicious logins.

"An employee logging in from a computer inside the network, it might be a low-risk situation," he said. "But if an employee is logging in from North Korea on an Android device -- when they previously only used iPhones -- that could be flagged."

In fact, many healthcare organizations are missing the opportunity to take advantage of two-factor authentication systems that are already in place.

For example, 37 percent of healthcare organization were using Google Apps or Office 365 in 2015, up from 8 percent in 2014.

But only 5.2 percent were using the single sign-on feature of these platforms, a basic security precaution.

"A lot of healthcare organizations are moving away from on-premises applications to the cloud," Campagna said.

"That makes the other types of authentication techniques, like multi-factor, much more important. It can be secure, but only if the cloud applications are used in a secure fashion."

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.


ARN Innovation Awards 2022

Innovation Awards is the market-leading awards program for celebrating ecosystem innovation and excellence across the technology sector in Australia.

EDGE 2022

EDGE is the leading technology conference for business leaders in Australia and New Zealand, built on the foundations of collaboration, education and advancement.

Brand Post

Channel Roadmap

The Channel Roadmap is a bespoke content hub housing strategic priorities from technology vendors for 2022 and beyond, partners can find the guidance on the key technologies and markets to pursue, to help build a blueprint for future success.

Show Comments