by John R. Fischer
, Senior Reporter | September 08, 2022
Nearly 5,000 data breaches have affected more than 342 million medical records at U.S. healthcare organizations since 2009.
The largest reported number of breaches was 803 in 2020, followed by 711 in 2021. The most records breached was over 112 million in 2015, primarily due to an attack at Anthem that extracted data for nearly 79 million patients, according to researchers at Comparitech in a new report.
Looking over data from 2009 to June 2022, the company recorded breaches and records affected per state, and tallied the different types of attacks between January 2021 and June 2022.
They note that attacks have dropped so far this year. “2022 has only recorded 151 breaches and nearly eight million records affected — a much smaller amount compared to previous years. However, with many breaches reported several months after they occurred, it is likely these figures will rise in the coming months.”
Since 2009, California has had the most breaches, at 474, around 10% of all 4,746 incidents recorded. Following it are Texas (383), Florida (288), New York (287), and Illinois (217).
Indiana has the highest number of records affected, at nearly 87.2 million, more than 25% of all breached records. This was primarily due to the Anthem case, which was also responsible for it having the highest number affected per 100,000 people.
South Dakota had the lowest number with just eight attacks that affected 36,900 records, and the lowest per 100,000 people.
Hackings were the most popular type, accounting for 288 out of 711 (41%) in 2021, followed by ransomware attacks (161 – 23%). Specialist clinics were hit the most, with 106 breaches affecting three million records.
Clinic networks had the most affected records at 4.1 million then, and also have the most in 2022, along with hospital networks. Health insurance companies have been affected the most this year, with 26 breaches and 1.2 million records compromised.
The Anthem case is considered the largest breach in U.S. history. Others included Optum360, LLC (2018 to 2019 – 11.5 million records affected); Premera Blue Cross (2014 to 2015 – 11 million); LabCorp (2019 – 10.2 million); and Excellus Health Plan, Inc. (2013 to 2015 – 9.3 million).
“The top-ranking medical breaches come from several years ago. So although we are seeing an uptick in the number of records affected on a yearly basis, this is due to a higher volume of attacks rather than larger, less frequent breaches,” said the researchers.