BALTIMORE -- 5,579,438 patient records were breached in 2017, according to new data released today in the Protenus Breach Barometer. Published by Protenus, an artificial intelligence platform used by top health systems and academic medical centers to analyze every single action inside a medical record system, the Breach Barometer is the industry’s definitive source for health data breach reporting.
Compared to 2016, healthcare experienced a slight increase in the number of breaches reported, from 450 in 2016 compared to 477 in 2017. In either year, this represents an average of more than one health data breach per day. In 2016, 27,314,647 records were affected by health data breaches, over five times greater than the number of records affected in 2017, and the result of several large hacking incidents in mid-2016.
The single largest breach reported in 2017 was the result of insider-wrongdoing. This breach was the result of a Kentucky hospital employee inappropriately accessing the billing information of 697,800 patients over multiple incidents. Looking across all incidents in 2017, insiders were responsible for 37% of the total number of breaches this year.
In one particularly egregious incident of insider-wrongdoing, a hospital employee was snooping on patient information for 14 years before the breach was discovered. The breach affected 1,100 patient records, and is an unfortunate example of how detrimental insider threats can be for a healthcare organization. While hacking incidents are often quickly discovered because of the immediate disruption they have on an organization’s day-to-day operations, insider threats can remain undiscovered for long periods of time. On average, it took 308 days for an organization to discover it had suffered a breach in 2017.
This long time to discovery of breaches remains a terrifying challenge for health systems everywhere. In fact, the prevalence of such a wide array of hard-to-detect insider threats is the main reason proactive monitoring of all accesses to patient data is rapidly gaining as a standard best practice in health systems across the country.
Business associates and third-parties remain a major source of health data breaches, as well. 53 of the reported incidents, totaling 647,198 records breached, were the result of business associate or other third party access to health data.
Protenus, which publishes the Breach Barometer, yesterday announced an $11M Series B investment in its comprehensive health data auditing and privacy monitoring platform. Founded in 2014, the company helps health systems ensure health data is safe and being used appropriately.
The Protenus healthcare compliance analytics platform uses artificial intelligence to audit every access to patient records for the nation’s leading health systems. Providing healthcare leaders full insight into how health data is being used, and alerting privacy, security and compliance teams to inappropriate activity, Protenus helps our partner hospitals make decisions about how to better protect their data, their patients, and their institutions. Learn more at Protenus.com and follow us on Twitter @Protenus.