A record month for health care data breaches

July saw second-highest number of hacking incidents since February 2015, when Anthem suffered a massive breach.

Experian, the credit report agency, told CBS earlier this year that patient records could sell for $1,000 online, compared to about $1 for Social Security numbers. (Photo: Shutterstock)

Health care data has never been more vulnerable. In July, 42 separate hacking incidents led to the exposure of 22 million people’s health care data, according to the Department of Health and Human Services’ Office of Civil Rights.

That’s the second-highest number in a month since the department began tracking breaches in 2010. The only worse month was February 2015, when Anthem suffered a massive breach that exposed the data of its nearly 80 million members.

There are very few, if any, health care organizations that can claim to have been unaffected by cyberattacks. In remarks to the Senate Cybersecurity Caucus reported by Health IT Security, Robert Lord, founder of Protenus Data Security Firm, referenced a recent report that showed 70 percent of health care systems had documented a major breach.

Jennifer Covich Bordenick, eHealth Initiative CEO, similarly argued that many operate under the false impression that stringent data regulations in health care make the information difficult to access.

For starters, she pointed out, regulators are not checking to make sure that health care organizations that are required to abide by HIPPA are in compliance: “There is no such thing as a HIPAA-certified organization. HHS does not go and certify organizations and say, ‘you are completely in compliance.’”

In recent years, however, patients have begun sharing health care information with a variety of third-party apps that aren’t subject to any data regulations.

Bordenick described the hunt for data as the new “space race.”

“Whoever has the most data wins. Think about it. Think about the potential of bioterrorism that would take place, if you discovered a certain population was susceptible to a certain German drug,” she said.

The average hacker, of course, is simply seeking a quick profit. And there’s no information more profitable than health care data. Experian, the credit report agency, told CBS earlier this year that patient records could sell for $1,000 online, compared to about $1 for Social Security numbers.

READ MORE:

How to reduce cybersecurity risk to employees’ health data

11.9 million patient records exposed in Quest data breach

Insurer’s data breach went unnoticed for eight years