More than 40 million people had leaked health information this year

More than 40 million people in the United States had their personal health information exposed in data breaches this year, a significant jump from 2020 and continuing a trend toward more and more health data hacks and leaks.

Health organizations are required to report health data breaches affecting 500 or more people to the Office for Civil Rights of the Department of Health and Human Services, which makes the violations public. This year, the office has received reports of 578 violations so far, according to his database. That’s less than the 599 reported violations in 2020, but last year’s breaches affected only about 26 million people.

Since 2015, hacks or other IT incidents have been the main reason people have made their health records public, according to: a report from security company Bitglass. Before that time, lost or stolen devices led to the most data breaches. The transition coincided with federal regulations in the US requiring healthcare organizations to use electronic health records and the wider move to digital tools such as internet-connected health monitors. Medical records are: valuable on the black market — they have information that is harder to change than a credit card and can be used to make false medical claims or buy drugs.

There are a few ways in which these types of breaches can harm patients: People can disclose personal information and face the financial ramifications of stealing their medical identities. Hacks and attacks on healthcare facilities that shut down hospital computer systems can make it more difficult for them to deliver quality care, and that can harm the people being treated there. Research shows that more people die in hospitals that suffer from data leaks, even in hospitals that don’t lead to computer system shutdowns.

Many healthcare organizations have not prioritized cybersecurity investments, even as the risk of cyberattacks continues to increase. For example, the biggest breach in 2021 was a cyberattack on Florida Healthy Kids Corporation’s health plan, exposing the information of 3.5 million people. A post-attack analysis found that the plan’s website had “significant vulnerabilities.” according to Florida Health News.

However, experts say the spikes in attacks in 2020 and 2021, especially in ransomware attacks, are prompting organizations to take the threat more seriously.