For Healthcare Data Security, 2018 Was a Bad Year

 

Did your organization’s healthcare data security protections hold during 2018?

Most employees have no idea how to answer that question. Unless they work in IT or handle financial transactions, data security might not be a top priority – or at least, it might not seem like a top priority. One breach is all it takes to realize how wrong that thinking is.

Any company that handles healthcare information is obligated to safeguard it, even if the company’s only healthcare records are related to employee insurance. Hospitals and other healthcare providers aren’t the only entities affected by accidental and malicious breaches.

2018 Healthcare Data Security: By the Numbers

Last year was a big year for healthcare breaches, and that’s a big problem for American patients. A number of massive breaches occurred during 2018 alone. (Security data is available because entities that are required to comply with HIPAA are also required to inform the Department of Health and Human Services’ Office for Civil Rights, or OCR, when breaches occur.)

HIPAA Journal reports that in 2018 there were:

  • 18 breaches involving more than 100,000 records
  • 8 breaches involving more than 500,000 records
  • 3 breaches involving more than 1 million records

The largest breach happened at AccuDoc Solutions, Inc., a medical billing company located in South Carolina. More than 2.6 million records were exposed and viewable by outsiders during a week-long period in September, making it the largest breach reported since September 2016.

Healthcare data security reporting requirements vary based on whether a breach affects fewer than or more than 500 people. By the end of December 2018, the OCR had been notified of 351 breaches that involved 500 people or more. In total, the healthcare records of 13,020,821 people were exposed in the United States during 2018.

Self-funded employers should take note of one other relevant fact: three of the top six breaches in 2018 were reported by health plans.

Security Breach Trends in 2018

According to HIPAA Journal, the total number of healthcare data security breaches was slightly lower in 2018 than in 2017, but far more people’s records were exposed in last year’s breaches than in those of the year before. In 2017, the most significant event involved the records of just under 700,000 people. A total of 5,579,438 records were exposed in 2017, so 2018’s total of around 13 million represents a dramatic increase.

As in 2017, most of 2018’s major breaches (12 out of 18) were classified by the OCR as hacking/IT incidents. The other six were ruled as having been caused by unauthorized access/disclosure, theft and improper disposal of records.

Employee error and/or poor security practices contributed to several of the breaches. The second-largest incident occurred when multiple employees at UnityPoint Health opened phishing emails and unintentionally gave hackers access to the company’s internal records. That small action ultimately led to the exposure of more than 1.4 million individuals’ healthcare records. Several other 2018 incidents also involved successful phishing attacks.

The bottom line? The human error element plays a role in many massive healthcare data security breaches – something any employer that keeps healthcare records must keep in mind.

The good news is, there are steps you can take to ensure your information is safe. If you have questions about keeping your healthcare data secure, contact Stop Loss Insurance Brokers, Inc. today.
