Cybersecurity attacks and data breaches soared during 2015, according to results of the sixth annual report from security firm Redspin on leaks of protected health information.

Since 2009, a total of 154,368,781 patient records have been breached, and nearly three-quarters of those records—more than 113 million—were breached in 2015, Redspin noted. Further, 98 percent of patient records breached last year were a result of hacking incidents.

From 2009 through 2013, the primary cause of breaches was the theft of unencrypted computing devices, but in large part, thieves valued the devices more than the information they held, according to Redspin’s report. “Not so in 2015. Hackers knew exactly what they were after as they pilfered health information and/or other personal data for nefarious purposes, such as medical ID theft and fraud,” it stated.

Some 88 percent of breached records in 2015 came from the top three attacks on insurance companies—Anthem, Premera Blue Cross and Excellus Health Plan. When other attacked payers are factored in, the insurance sector accounted for 91 percent of breached records.

“Large health insurers process and maintain enormous amounts of PHI, much more than a typical hospital,” Redspin notes. “Given the potential return on investment of successfully hacking into a major health plan’s data, it was only a matter of time before payers were targeted.”

Redspin’s report suggested that hackers appear to have gained the network credentials of at least five high-level IT employees at Anthem, showing the need for better training of all employees to recognize phishing attacks, which are techniques to convince someone to share network credentials.

A number of providers reported breaches of protected health information in 2015, although the total number of records accessed pales in comparison to insurers, according to Redspin. About 185 providers reported incidents that affected more than six million records, and 83 percent of breached provider records were a result of hacking incidents.

Business associates also remain a threat to the security posture of insurers and providers, accounting for more than 20 percent of the number of breaches. “We predict BAs will be increasingly targeted by hackers,” Redspin researchers said. “Many BAs store as much PHI or more than a large hospital.”

Redspin’s breach report for 2015 also covers efforts in Congress and the Dept. of Health and Human Services to curb cyber attacks, a growing awareness among company executives of the need to find more funds in budgets for security, and potential revenue loss to providers because of medical identity theft.

The company further warns that 2016 could be another tough year for security. “It is unlikely that attackers will stop targeting healthcare organizations anytime soon. The economics are simply too compelling.”
