HIPAA Compliant Cybersecurity for Professionals

Healthcare Breaches: 40.7 Million Patients Affected


April 5, 2021 | Reading Time: 2 Minutes


Each year Protenus, along with databreaches.net, produces a breach report to assess the state of healthcare cybersecurity. Their 2021 Breach Barometer examined healthcare breaches occurring in 2020 and compared the findings to 2019 breaches. Read more about previous healthcare breaches on Telehealth.org blogs: Healthcare Data Breach compromised 295,617 patients, Major Healthcare Hack Targets Mental Health Provider and Healthcare Breach: Email Breach Affects Behavioral Health Organization. More details on the healthcare breaches, hacking incidents, and insider breaches of 2020 are discussed below.

Healthcare Breaches in 2020

There were 758 breaches publicly posted to the Department of Health and Human Services (HHS) breach portal in 2020, affecting 40.7 million patients. However, the breaches listed on the HHS breach portal only reflect breaches affecting 500 or more patients, making it likely that the number of breaches was much higher. Through their analysis of 2020 breaches, Protenus determined a 30% increase in healthcare breaches compared to 2019.

Hacking Incidents in 2020

Hacking incidents were the leading cause of 2020 healthcare breaches, representing 62% of reported incidents, with a 42% increase in these types of incidents from the previous year. The 277 hacking incidents compromised the protected health information (PHI) of more than 31 million patients. Part of the reason hacking skyrocketed in the healthcare sector is that hackers exploited the COVID pandemic, in some cases posing as government agencies to gain access to sensitive information. The issue was a major cause for concern, with the FBI and HHS warning healthcare organizations against “an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”

Researchers stated, “By making investments to protect patients, health systems, in turn, protect themselves from severe reputational damage, financial penalties, or care disruptions stemming from hacking incidents. Under obligation to do no harm, healthcare organizations must adopt advanced tools capable of preventing hacks and their frightening consequences for patients.”

Insider Breaches in 2020

The second most common cause behind healthcare breaches in 2020 was insider breaches. Insider breaches occur when an employee of a healthcare organization accesses PHI without cause. Insider breaches represented 20% of reported incidents, with 111 incidents of insider breaches compromising the PHI of 8.5 million patients.

“A zero-tolerance stance on snooping is important, but it will never be enough to prevent innocent mistakes or nefarious hackers,” researchers wrote. “Only by using compliance analytics to calculate the risk score of any anomalous access can organizations surface and prioritize interactions with data that truly warrant attention…. Noncompliance is critically important to identify and prevent, especially when organizations are struggling financially. Compliance incidents are costly because of all that goes into reconciling them. On top of paying penalties, health systems must do damage control,” they added.

