Understanding Data Breaches in Health Care

June 28, 2022

As health care transitions to the digital age, it faces new challenges in cybersecurity and data.

A new audit released this week from the Government Accountability Office (GAO) highlights the importance of protecting sensitive information for insurers, providers, health care clearinghouses, and other health groups. The GAO report noted the number of hacking and IT (information technology) incidents had increased by 843 percent since 2015.

“While the increasing use of health IT systems have the potential to improve health care quality, they can be vulnerable to the loss or unauthorized disclosure of PII (personally identifiable information) and PHI (protected health information),” the report notes.

Among the takeaways:

• Key insight:  As health care continues to build a “vast array of information systems and technologies,” it must be ready to thwart threats from multiple sources (criminal groups, hackers, insiders, nations).
• By the numbers:  The number of individuals affected by health care data breaches has varied each year from 5 million to 113 million.
• Main culprits:  Hacking and IT incidents have accounted for about 55 percent of breaches between 2015 and 2021. The next leading causes were unauthorized access/disclosure and theft.
• Recommendation:  GAO recommends the U.S. Department of Health and Human Services establish a feedback mechanism to improve the effectiveness of its breach reporting process.
• Quotable:  “The recent trends of breaches in the health care sector have highlighted the importance of ensuring the security and privacy of electronic health information, including such information maintained in EHRs (electronic health records),” the report said.

The report is available to review online.

HAP is committed to supporting Pennsylvania’s hospital community as it prepares for and responds to cybersecurity and data threats. Pennsylvania’s hospitals are focused on emergency preparedness and planning to protect patient information and deliver outstanding care in their communities.

Read more about the best practices and key insights to establish a cybersecurity plan. For more information, contact Jason Tomashunas, MS, CHEP, HAP’s manager, emergency management.