Healthcare data breaches continue to be a significant problem for patients and organizations. In 2019, more than 41 million patient records were breached, as per the findings of a report from Protenus and than 50% of those breached records came from a single hack.

Additionally, based on these reported findings, for the full year, the number of hacks nearly tripled from the year prior when 15 million patient records were affected by breach incidents.

Protenus analyzed data breach incidents disclosed to the U.S. Department of Health and Human Services and/or the media during 2019. Per the company’s report, the sector has experienced an increase in the number of breaches of patient privacy since 2016; since then, there were 450 security incidents involving patient data, and that jumped to 572 episodes in 2019.

Like many other potential threats to society and societal well-being, these estimates are likely significantly underreported. The company says. For example, there have been instances were no data affected 500 dental practices and clinics and could affect significant volumes of patient records.

On average, there is at least one health data breach per day, which the company reported first in 2016.

Other threat-related information released by the firm in February 2020 includes ransomware events being on the rise. This form of hacking resulted in nearly 60% of the total number of breaches in 2019. Ransomware, the company said, is affecting almost 37 million patient records.

Hackers are using the stolen patient information in attempts to extort money from organizations, as well as the health system from which the data originated.

Other than hospitals and other health systems, support organizations are being hit, too. For example, according to reporting by Fierce Healthcare, a massive security breach occurred at American Medical Collection Agency (AMCA), a third-party billing collections firm.

Additionally, Quest Diagnostics and LabCorp were hit by AMCA's security breach, which exposed the sensitive data of 21 million patients.This particular breach included dates of birth, Social Security numbers and physical addresses.

Hackers, it seems, are not alone in their ability to threaten organizations. Healthcare staff and employees continue to be a problem for organizations that are trying to stay safe. Per the report, staff inside healthcare organizations were responsible for breaching 3.8 million patient records in 2019, up from 2.8 million records in 2018.

These insider incidents are the result of human error or insider wrongdoing. These events can include employee theft of information, snooping in patient files, and other cases where employees appeared to have knowingly violated the law.

Recommendations to curb attacks include employee education and training to detect and not fall victim to such attacks are imperative to get ahead of the hacking incidents, the report said. "Hackers are also using credential-stuffing attacks, making it increasingly important to train employees not to reuse passwords across work settings and personal accounts," Protenus wrote.