Health Care Data Breaches Hit 1 in 3 Americans Last Year: Is Your Data Vulnerable?
Last year, a staggering number of Americans became victims of healthcare data breaches, with the episode involving HCA Healthcare especially highlighting the risks. This breach exposed the personal information of over 11 million people, leading to a flood of spam texts and significant security concerns.
In one instance, a Florida resident discovered through a credit monitoring service that his information had been leaked on dark web forums, necessitating the replacement of his credit and debit cards due to fraudulent activities. Similarly alarming, a mother from Richmond, Virginia, received data breach notices for herself and one of her triplets born in September 2022, along with unexplained medical bills. These incidents form part of a larger problem, reflected in a class action lawsuit seeking to hold HCA accountable for perceived inadequacies in their data security measures.
The past year marked a record high in health data breaches, affecting approximately one-third of the U.S. population. These breaches have primarily been orchestrated by organized, often international, hacker groups targeting health providers and associated vendors. In 2023 alone, a staggering 133 million health records were exposed through data breaches, with the health care industry facing an average of two major data hacks or thefts daily, as reported by The HIPAA Journal.
Despite efforts to enhance cybersecurity, the health care industry continues to grapple with these sophisticated attacks. Consumers are left to deal with the aftermath, often facing identity theft, fraud, and scams. The breach at HCA, for instance, compromised names, contact details, and service dates of patients across 20 states, though it didn’t include medical data like diagnoses.
HCA has defended its cybersecurity efforts, emphasizing the confidentiality of its security measures as a strategic defense. However, victims and their representatives argue that the breach demonstrates a clear risk of identity theft and demand better protection of personal data by institutions collecting it.
Last year saw the highest number of significant health data breaches recorded, with 725 incidents affecting 133 million people, according to the Department of Health and Human Services (HHS). This surpassed the previous record set by the Anthem breach in 2015, which affected over 78 million people. Experts note a shift in targets, with attackers increasingly focusing on businesses handling health information rather than direct care providers.
Among the notable breaches was one involving Perry Johnson & Associates, which impacted nearly 9 million individuals and highlighted the vulnerability of third-party service providers. This breach underscores the difficulties hospitals face in ensuring the security of their networks and data when reliant on external partners.
The government has not been immune to such breaches either, with an attack on the Centers for Medicare & Medicaid Services compromising 2.3 million records. Federal investigations identified a Russian ransomware group as responsible, exploiting vulnerabilities in widely used software.
Ransomware attacks have seen a significant increase, with hackers taking control of hospital data systems and demanding payments. These attacks, along with threats of releasing or selling patient information, are evolving as hackers explore more lucrative strategies.
Industry experts argue that healthcare has been a prime target due to its slow adaptation to the necessary cybersecurity investments. However, there’s hope that the sector is starting to catch up, with certain entities recognizing the importance of robust security measures.
The rise in healthcare data breaches stresses the urgent need for improved security protocols across the industry. As the reliance on electronic systems and telehealth services increases, so does the potential for cyberattacks, making the protection of patient data a top priority for healthcare providers and their associated vendors.