What Is a Healthcare Data Breach?Published September 1, 2020 • 2 min read
A healthcare data breach is any disclosure of data that might compromise the privacy of patients’ protected health information.
Breaches of patient health data are widespread in the healthcare industry. The cause of healthcare data breaches include malware, ransomware, an insider who either purposefully or accidentally discloses patient health data, hacking, phishing campaigns, and the loss or theft of laptops or other devices.
The healthcare industry is a particularly attractive target for data breaches as healthcare records include patients’ names, Social Security numbers, birth dates, payment information, insurance identification numbers, protected health information, and more.
The Health Insurance Portability and Accountability Act (HIPAA) Breach Notification Rule mandates that covered entities and their business associates notify patients, the U.S. Department of Health and Human Services (HHS), and/or the media following a breach of individuals’ unsecured protected health information.
HIPAA is a federal law that establishes the acceptable uses and disclosures of protected health information (PHI), sets standards for the secure storage and transmission of PHI, and gives patients the right to obtain copies of their PHI. The HHS Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules.
The HIPAA Security Rule requires healthcare organizations to protect electronic health data with the proper physical and electronic safeguards to ensure the safety of health information.
In 2019, healthcare organizations reported 572 health data breaches to HHS, the media, or some other source, according to the Protenus Breach Barometer. In addition, 41.4 million patient records were breached, driven by a 49 percent increase in hacking.
And the pace of healthcare data breaches in 2020 continues to highlight some of the sector’s biggest vulnerabilities.
Some of the biggest healthcare data breaches of 2020 were the result of email hacking incidents, malware attacks, and unauthorized access to electronic health records, according to HHS.