Research Firm Says 32 Million Patient Records Breached This Year
Over 32 million patient records have been breached in the first half of this year, more than double the 15 million last year, according to the latest Protenus Breach Barometer report.
The Protenus Breach Barometer, a cyber incident tracker service from research firm Protenus, says there were 285 incidents worldwide involving record breaches during the first half of the year. This works out to more than one a day.
Hacking was the primary cause for the majority of these breaches with 168 hacking incidents (59 percent of publicly disclosed incidents) and 88% of all breached records, or 27.8 million records.
The single largest breach disclosed so far in 2019 was the result of hacking a medical collections agency. The incident was discovered when patient data was found for sale on the dark web. More than 20 million patient records were affected when hackers potentially gained access to highly sensitive medical information. Hacking was the cause of 60% of the total number of breaches throughout the first half of the year. Hospital insiders were responsible for breaching more than 3 million patient records.
“Hacking continues to threaten healthcare organizations, with a distressing number of patient records breached in the first half of the year,” Protenus’ researchers wrote. “Breaches of patient privacy continue to loom throughout the healthcare industry and seem to be on the rise in the first half of 2019.”
To put things into perspective, in 2015, a report from healthcare company Kaiser Permanente reported that 29 million patient records were breached between 2011 and 2015.
One of the big reasons for the dramatic increase in record breaches is the commodification of personal data on darknet markets. Hackers don’t necessarily need to know what to do with the data as they have a platform to sell it.
Patient records are some of the most valuable commodities on the darknet given the vast wealth of information within each record.
Patient records can sell for a premium due to the amount of information found in the documents, including date of birth, credit card information, Social Security Number, address and email — effectively giving someone all they need to impersonate the victim and open lines of credit in their name. According to a report presented at a recent HIPAA conference, medical records sell for around $50 on darknet markets whereas Social Security Numbers alone can trade for at little as $3.