Most Healthcare Breaches Tied to Lost or Stolen Devices, Report Finds

Hackers are not to blame as much as some might assume when it comes to the security of the healthcare industry.

According to an analysis by security firm Bitglass of healthcare data breaches from the past three years, 68 percent of the breaches since 2010 occurred because devices or files were lost or stolen, while only 23 percent were due to hacking. In the breaches analyzed, 48 percent of the incidents involved a laptop, mobile device or desktop.

“Nearly half of all data breaches reported in the U.S. are healthcare related,” said Nat Kausik, CEO of Bitglass, in a statement. “While major hacking events more commonly make headlines, our research shows that unprotected data on lost or stolen devices represents the majority of breach activity in healthcare. Some of these devices contain hundreds of thousands of records. This reaffirms the need for healthcare organizations to reevaluate their security and compliance strategies.”

The findings come from analyzing data on the United States Department of Health and Human Services’ “The Wall of Shame,” a database of breach disclosures required as part of the Health Insurance Portability and Accountability Act (HIPAA). Just four percent of breaches accounted for 80 percent of total records compromised. Of the 100,000 record and above mega-breaches, some 78 percent of the compromised records were the result of loss or theft, according to the Bitglass report.

The company recommends healthcare organizations focus on securing sensitive data as opposed to devices.

“The credit card industry’s efforts to adopt chip-and-PIN technology will further devalue stolen credit-card information, making healthcare data an even more attractive target for hackers,” said Rich Campagna, vice president of products at Bitglass, in a statement. “And unlike credit cards, which limit personal liability for fraudulent transactions, there are no such protections in place for victims of healthcare fraud.”