Close to 32 million patient records were breached in the first half of 2019, reports the Protenus Breach Barometer by AI-powered healthcare compliance analytics platform, Protenus.

The breaches occurred between January and June, and are more than double than the entire 15 million that occurred in 2018.

“Cybersecurity threats are becoming more sophisticated and the hackers more brazen, which makes developing a robust cybersecurity plan, including processes to respond quickly, crucial to minimizing the damage and impact of an attack,” Cheryl Martin, chief knowledge officer at the American Health Information Management Association, told HCB News.

The amount of breaches is a long way up from the number that occurred between January and March of 2018, in which nearly 1.13 million patient records were breached, according to a previous Protenus Breach Barometer report. Another by the organization found this number rose to 4.4 million alone in the third quarter of 2018. Attacks, as of late, have especially risen in numbers against the healthcare community, in attempts to steal patient data.

At least one health data breach occurs per day, and has done so since 2016. The single largest of these breaches in 2019 was the result of a hacking at a medical collections agency, in which highly sensitive medical information of more than 20 million patients was stolen and put up for sale on the Dark Web.

Hacking was responsible for 60 percent of the total number of breaches that took place in the first half of the year. Of all breaches that occurred, more than three million were perpetrated by hospital insiders. Such instances can often go undetected for years due to hospital workers holding legitimate access to data to quickly and effectively treat patients.

There was, however, an increase of 285 in the number of incidents disclosed in the first half of the year. Martin says that early detection and prevention against these attacks can be ensured by educating staff how to spot signs of suspicious activity and ensuring departments are set up with efficient cybersecurity protection.

“We are seeing more and more hackers getting in to systems due to things like misconfigured servers, migration of data, and even poorly designed databases. The importance of adequate staffing resources and expertise in healthcare information systems’ departments cannot be minimized,” she said. “Since Meaningful Use was instituted, the implementation time for system after system or update after update has greatly increased. Taking the time to ensure systems are developed properly can help ensure best practices are followed and mistakes are avoided.”

She adds that including staff with HIM backgrounds can further the protection offered by systems. “Poorly designed databases speak directly to the importance of including the right skillsets in building your systems that contain PHI. HIM Professionals have been excluded for much too long in EHR systems selection, design, implementation and optimization. This means you are leaving out the individuals who understand both the data and the processes.”

Health IT Homepage