Electronic medical records (EMRs) are under constant threat of data breaches in the healthcare industry. Reports and analyses show that this isn’t going to change any time soon. Especially when dealing with protected health information (PHI), the rich, sensitive data within medical records.
SEE ALSO: More than 1M patient records breached in the last 30 days
Top 10 states with breached medical records
Comparitech released its most recent report analyzing U.S. data breaches from 2009 to June 2022. From this data, Becker’s Hospital Review chronicled the top 10 states where hackers are most likely to breach medical records.
|State||# of records|
SEE ALSO: Anthem settles with 44 stats for additional $40M over 2015 breach
Breaches can cause major damage to healthcare organizations including downtime, high costs, lawsuits, and maybe even possible deaths. We saw this with the Anthem breach that compromised 80 million of its customers and employees. Knowing and following HIPAA is important to avoiding breaches in the first place.
Strong cyber protection and HIPAA complaint email need to be standard in healthcare
The warnings from Comparitech’s report and Becker’s list are two-fold. First, they advise patients, doctors, and organizations that they should be cautious with healthcare in certain states. And second, they emphasize the importance of strong cyber protections. Healthcare organizations must employ robust cybersecurity features such as HIPAA compliant email before they become a statistic.
Medical records and data breaches
EMRs date to the first efforts to digitize paper records. Things such as vaccination logs, medical charts, and other printed documents. A shift to EMRs brought many benefits to both healthcare providers and patients. Electronic records provide crucial health data to patients and doctors alike and help healthcare organizations deliver strong patient care. Moreover, they improve continuity and flexibility of care as electronic records are generally available at any time, any place.
SEE ALSO: The healthcare digital transformation
Unfortunately, and inevitably, an increased focus on technology also brought problems. The main one: continuous cyberattacks used to steal or encrypt PHI. Hackers want PHI to demand ransoms, steal bank account information, make fake passports, and much more.
In 2021, data breaches exposed 45.67 million records, the largest annual total since 2015. And according to data analyzed from the Office of Civil Rights’ (OCR) Breach Portal, more than 19 million records were compromised in the first half of 2022.
RELATED: What is HHS’ Wall of Shame?
In its survey, Comparitech estimates that since 2009, healthcare breaches affected 342 million medical records.
Six key findings about healthcare data breaches
The Comparitech team researched data from 2009 to 2022 (13 years) using breaches reported to the OCR portal. The portal includes all reported covered entity and business associate breaches from the last 24 months. These are breaches that affected 500 individuals or more.
SEE ALSO: Biggest healthcare data breaches reported this year, so far
The goal of Comparitech’s analysis is to uncover which states suffered the most data breaches. And to figure out the biggest causes of some of the breaches. There were several key findings:
- 4,746 medical breaches occurred
- The breaches affected 342,017,215 individual records
- 2020 was the biggest year for medical breaches—803 reported
- 2015 saw the highest number of records affected—over 112 million in total
- In 2021 and 2022, specialist clinics account for the most data breaches (15%), but hospital networks account for the most breached records (8.8 million or 16%)
- In 2021 and 2022 (through June), hacking was the most common type of breach (353 out of 862 breaches or 40%)
Comparitech included a state-by-state breakdown of healthcare data breaches, presenting a map as well as a comprehensive list.
HIPAA rules are in place so that this does not happen to you
HIPAA (the 1996 Health Insurance Portability and Accountability Act) is U.S. legislation that protects the rights and privacy of patients. It was designed in large part to keep patients’ PHI and medical records private.
The HIPAA rules discussed most often are the Privacy Rule and Security Rule. Together, they provide essential guidelines for the proper protection and disclosure of PHI. When it comes to technology, the HITECH Act promotes the adoption and meaningful use of electronic records. And this also means strong cybersecurity measures.
RELATED: HHS requests comments on HIPAA HITECH Act as cyber threats increase
A HIPAA compliant healthcare organization fulfills HIPAA’s requirements. If OCR finds an organization uncompliant and/or unable to verify due diligence, it will probably financially penalize the organization.
Such fines run from $100 to $1.5 million per violation along with potential jail time. Anthem paid $16 million to OCR along with over $100 million in lawsuit settlements. Avoiding a HIPAA violation and related breach costs is possible by understanding and following HIPAA and its rules. That means ensuring strong cyber protections.
Don’t let a breach destroy you, keep your email HIPAA compliant
The only way to ensure healthcare organizations don’t become a statistic is to use a combination of solid cybersecurity methods. This might include up-to-date employee awareness training, perimeter defenses, data encryption, and access controls. And most importantly, email security (i.e., HIPAA compliant email) such as Paubox Email Suite.
RELATED: Today’s essential email security to avoid healthcare breaches
Our HITRUST CSF certified solution sends HIPAA compliant email by default and automatically encrypts every outbound message. It can conveniently integrate with your current platform, such as Google Workspace or Microsoft 365. Patients can receive emails directly to their inbox without navigating separate portals or passwords.
And even better are our inbox protections. Paubox Email Suite impedes such techniques as spoofing with ExecProtect. It can also keep malware and phishing emails at bay with Zero Trust Email. PHI stays contained, and email, known as the worst threat vector, remains secure.
Comparitech’s statistics may seem daunting, but rather than see it as inevitable, ensure you and your patients always remain protected. Ensure secure cyber protections and safeguard medical records properly so that they can benefit rather than impede patient care.