Over 5.5 million patient health records were breached last year, a significant drop from 2016, according to a report by Protenus, a company that provides an artificial intelligence platform used by health systems and academic medical centers to analyze their medical record systems. Almost five times as many records – over 27.3 million – were affected by health data breaches in 2016 as in 2017. The massive number in 2016 was the result of several large hacking incidents.
The Protenus Breach Barometer report, which analyzes healthcare data breaches, found 477 breaches in 2017, a slight increase over the 450 reported in 2016. Between 2015 and 2016, 140 million patient records were breached, impacting one in three Americans. Protenus, which was founded in 2014, aims to help health systems ensure health data is safe.
The single largest breach reported in 2017 stemmed from a Kentucky hospital employee inappropriately accessing the billing information of 697,800 patients over multiple incidents. Looking across all incidents in 2017, insiders were responsible for 37 percent of the total number of breaches.
In another incident of insider wrongdoing, a hospital employee was snooping in patient information – affecting 1,100 patient records – for 14 years before the breach was discovered. Hacking incidents are often quickly discovered because they cause an immediate disruption to day-to-day operations, but insider threats can remain undiscovered for long periods of time.
Business associates and third parties also remain a major source of health data breaches. Last year, 53 of the reported incidents, totaling 647,198 records breached, were the result of business associate or other third-party access to health data.