Healthcare records for 1 in 3 Americans were breached in 2015, with records of nearly 112 million people affected by hackers, compared with only about 1.8 million individuals in 2014. That's the finding of cybersecurity vendor Bitglass, as reported recently by Health Data Management, following the analysis of breach disclosures maintained by the Department of Health and Human Services and required by HIPAA.

Most of the hacks were of large data repositories (Anthem and Premera Blue Cross, for example). Both were the result of phishing attacks, the magazine reports.

"The 80 percent increase in data breach hacks in 2015 makes it clear that hackers are targeting healthcare with large-scale attacks," Nat Kausik, CEO of Bitglass, said in a statement. "As the IoT revolution compounds the problem with real-time patient data, healthcare organizations must embrace innovative data security technologies to meet security and compliance requirements."

According to the report, 113 million Americans were victims of health data breaches of any kind in 2015. That's up sharply from 12.5 million in 2014. Forbes notes that, according to OCR, there were 253 breaches affecting 500 individuals or more. Four of the top six breaches were related to Blue Cross, which may signal a larger security problem for that carrier, or it may be hacked regularly because of its overall size and name recognition.

2015 saw a significant jump in healthcare hacking and IT theft incidents, rising from 31 in 2014 to 56 such incidents last year. At the same time, only 97 breaches in 2015 were a result of lost or stolen devices, down significantly from 140 in 2014, which accounted for 68 percent of health data breaches that year.

According to Bitglass, there are tremendous financial incentives for cybercriminals to target protected health information, which includes sensitive information such as Social Security numbers, medical record data and dates of birth. On average, healthcare records for sale on the black market sell for 10 times the amount that credit card numbers fetch.

"The bulk of the breaches — about 38 percent — were reported as 'Unauthorized Access/Disclosure,' but fully 90 percent of the top 10 breaches were reported as a 'Hacking/IT Incident.' As a category, 'Hacking/IT Incident' represented 21 percent of all breaches. The other top category was 'Theft' at 29 percent of all breaches," Forbes reports.

"Certainly, the largest single breach — Anthem — represented more than 70 percent of the total records compromised, but that still left 33 million records breached through other healthcare organizations."

Mike Davis, CTO of Countertack, tells Forbes, "I don't think 2016 will change much in terms of IT security at medical providers, hospitals, etc. I think the real changes will be in the device vendors and supply chain. Organizations like GE Healthcare and Siemens have announced strategic initiatives around medical device security."

Among other findings by Bitglass, just 5 percent of healthcare organizations use single sign-on, a session/user authentication process that permits a user to enter one name and password to access multiple applications. Employing such technology adds another layer of security and keeps data more secure for those accessing it.

Taking single sign-on one step further, Dean Wiech, managing director of Tools4ever, said, "Coupling single sign-on with two-factor authentication increases security even more. Users need to have something, like an ID badge, and know something, such as a PIN code, to gain access to the network."

This technology significantly reduces the risk of data breaches, especially those originating inside the facility.

HIPAA requires covered entities to verify that a person seeking access to electronic protected health information has authorization.