Patient health record breaches are on a big rise this year, doubling last year's figures. About 32 million patient records have already been breached during the first half of 2019, twice as many as the total for all of 2018, according to the 2019 Mid-Year Breach Barometer Report from IT security firm Protenus.

For reference, 2018 experienced more than 15 million patient records breaches. Current numbers for the first half of the year also point to the fact that there were 285 total breaches reported between January and June.

Surprisingly and shockingly, since 2016, not a day has gone by without a breach. Most of those reportedly have happened during the first half of the current year, with 59% because of hacking.

Insider error contributed only 21% of the total. Loss or theft resulted in 9%. Unknown reasons caused the remaining breaches.

Breach activity details are as follows: 41 in January; 38 in February; 43 in March; 57 in April; 67 in May; and 39 in June. The number of breaches in May were responsible for 21 million breached patient records.

The most significant breach in the first half of 2019 was a hack of the American Medical Collection Agency. The agency works with the likes of Quest Diagnostics and LabCorp. Hackers accessed sensitive medical information, with data eventually found for sale on the dark web.

According to the Protenus study, the majority of breaches (72%) occurred in the provider setting. That equates to 205 breaches, compared to the 32 in a health plan; 26 by a business associate or third-party vendor; and 22 disclosed by businesses organization.

The AMCA breach "contributes significantly to this sharp increase in affected patient records and is an unfortunate example of the damage that can be done by hacking incidents that remain undiscovered over long periods," Protenus said in its report.

For the discovered breaches, discovery took an average of 214 days, but time until discovery varied, from one day to eight-and-a-half-years.

Of the 135 incidents involving hacking that disclosed details to HHS or the media, 27 were because of ransomware or malware; 88 because of phishing attacks and one extortion.

Most of the insider breaches are not malicious. Research from Forrester shows the most significant volume of these security breaches (36%) comes from ignorant or careless user actions that inadvertently cause security breaches. IT professionals often feel that naive users pose the most significant security risk to their organization.

Users share their credentials or share sensitive data or information daily. Research featuring 2,000 U.S. and U.K. desk workers found more than half (52%) of employees see no security risk to their employer in sharing work logins.

The Protenus study found that, geographically, California had the most data breaches by state so far in 2019, 26 incidents. Texas was second with 22 and Florida had 20.