Healthcare breaches affected 11.5 million people in 2018

The total number of exposed records in the healthcare sector rose to 11.5 million in 2018. This statistic comes from the fifth annual Healthcare Breach Report, published by Bitglass.

The number of breaches reached a three-year low at a total of 290 breaches. The number of exposed records, however, almost doubled from 2017. It is also important to note that 46 per cent of those affected by healthcare breaches in 2018 were affected as a result of hacking and IT incidents.

Analysis of data from a US Department of Health and Human Services (HHS) database that holds information on breaches involving protected health information (PHI) revealed that breaches in the healthcare industry fell into one of four categories.


As well as those breaches related to malicious hackers and improper IT security, 36 per cent of healthcare data were categorised as “caused by unauthorised access” or “disclosure of protected health information”. Some were the result of theft of endpoint devices. Since 2014, the number of breaches caused by lost or stolen devices has dropped by almost 70 per cent. The final category is a mix of miscellaneous breaches and leaks related to items such as improper disposal of data.

On average, almost 40,000 people were affected by each breach. This is more than double the average number affected in 2017. With almost half of these breaches occurring due to IT issues, the report suggested that bad actors are targeting IT systems more often, because they know there is plenty of sensitive data stored in those systems.

“Healthcare firms have made progress in bolstering their security and reducing the number of breaches over the last few years,” said Rich Campagna, CMO of Bitglass, in a press release. “However, the growth in hacking and IT incidents does deserve special attention. As such, healthcare organizations must employ the appropriate technologies and cybersecurity best practices if they want to secure the patient data within their IT systems.”
