New research has found that while the number of patient records exposed per breach has varied widely, the number of health data breaches reported grew substantially between 2010 and 2017.
The study, which was conducted by researchers with Massachusetts General Hospital, was published in JAMA. Its aim was to look at the changes in data breach patterns as EHRs have come into wider use.
The authors analyzed 2,149 reported breaches over the previous seven years. The number of records breached for incident varied from 500 to almost 79 million patient records.
Researchers behind the study put breaches reported in three categories: those taking place at healthcare provider sites, within health plans, and at business associate locations.
One thing that stuck out from among the data points was that over that seven-year period, the number of breaches increased from 199 the first year to 344 in 2017. During that period, the only year that did not see an increase in incident volume was 2015.
Another notable if unsurprising conclusion drawn by the researchers was that while 70% of all breaches took place within provider organizations, incidents involving health plans accounted for 63% of all breached records.
Overall, the greatest number of patient records breached was due to compromised network servers or email messages. However, the top reasons for breaches have varied from year-to-year, the analysis found.
For example, the most common type of breach reported in 2010 was theft of physical records. The most commonly breached type of media that year was laptop computer data storage, followed by paper and film records.
Meanwhile, by 2017 data hacking or other information technology incidents accounted for the largest number of breaches, followed by unauthorized access to or disclosure of patient data. In addition, a large number of breaches could be attributed to compromised network servers or email messages.
The number of patient records exposed differed depending on what media was breached. For example, while the total of 510 breaches of paper and film records impact about 3.4 million patient records, 410 breaches of network servers affected nearly 140 million records.