Press release

Bitglass 2021 Healthcare Breach Report: Over 26 Million People Affected in Healthcare Breaches Last Year

Sponsored by Businesswire

Bitglass, the Total Cloud Security Company, today announced the release of its seventh annual Healthcare Breach Report. Each year, Bitglass analyzes data from the U.S. Department of Health and Human Services’ “Wall of Shame,” a database containing information about breaches of protected health information (PHI). In 2020, there were 599 healthcare breaches that collectively affected over 26 million individuals. Bitglass’ latest report takes an in-depth look at the breaches that healthcare organizations faced, comparing them to previous years and revealing key trends and cybersecurity challenges facing the industry.

Breaches recorded in the DHHS database are classified into the following categories:

  • Hacking and IT Incidents: Breaches related to malicious hackers and improper IT security—cybersecurity events stemming from external parties.
  • Unauthorized Disclosure: Unauthorized sharing of PHI by internal parties or systems.
  • Loss or Theft: Breaches that involve the loss or theft of endpoint devices.
  • Other: Miscellaneous breaches and leaks.

Since 2018, the number of hacking and IT incidents has increased each year, meaning that IT resources are increasingly used by organizations and targeted by malicious actors. Such incidents were, by far, the top cause of healthcare breaches in 2020, leading to 403 out of 599 breaches (67.3%)—more than three times that of the next highest category. Hacking and IT incidents also led to larger breaches than other categories did, compromising 91.2% of all exposed healthcare records in 2020 (about 24.1 million out of 26.4 million).

“The vast majority of healthcare organizations process and store protected health information (PHI) such as Social Security numbers, medical history, and other personal data. It is no surprise that these entities would be targeted by malicious cyber criminals seeking to access sensitive data for monetary gain,” said Anurag Kahol, CTO of Bitglass. “The exceedingly high number of hacking and IT incidents highlight the shifting strategies of malicious actors. As healthcare organizations continue to embrace cloud migration and digital transformation, they must leverage the proper tools and strategies to successfully protect patient records and respond to the growing volume of threats to their IT ecosystems.”

Key Findings

  • The average cost per breached record increased from $429 in 2019 to $499 in 2020. With 26.4 million records exposed in 2020, data breaches cost healthcare organizations $13.2 billion.
  • Outside of hacking and IT incidents, the remaining breach categories exposed the personal details of about 2.3 million people, exposing victims to identity theft, phishing, and other forms of cyberattacks.
  • This year, breach numbers were up across the board, with 37 out of 50 U.S. states suffering more breaches than they did in 2019. California had the most healthcare breaches in 2020 with 49 incidents–surpassing last year’s leader, Texas, which suffered 43 breaches in 2020.
  • In 2020, the average healthcare firm took about 236 days to recover from a breach.

To learn more about the state of cybersecurity within the healthcare industry over the past year, download the full report here.

About Bitglass

Bitglass’ Total Cloud Security Platform is the only secure access service edge offering that combines a Gartner-MQ-Leading cloud access security broker, the world’s only on-device secure web gateway, and zero trust network access to secure any interaction. Its Polyscale Architecture boasts an industry-leading uptime of 99.99% and delivers unrivaled performance and real-time scalability to any location in the world. Based in Silicon Valley with offices worldwide, the company is backed by Tier 1 investors and was founded in 2013 by a team of industry veterans with a proven track record of innovation and execution.