Healthcare Breaches on the Rise in 2022, New Concerns

In June of 2022, the U.S. Federal Government reported that the nation had experienced double the amount of healthcare data breaches during the first five months of the year when compared to the same period of time during the previous year. For context, 2021 saw the most security breaches that ever occurred in a single year in American history, due in large part to the worldwide COVID-19 pandemic and the subsequent lockdowns that ensued, among other mitigating factors. Likewise, the Department of Health and Human Services (HHS) has reported that there have been no less than 125 security breach incidents that have affected healthcare organizations across the country since the start of April 2022.

Yuma Regional Medical Center

Of these 125 data breaches, one of the most significant was a breach that affected Yuma Regional Medical Center in Yuma, Arizona on April 25, 2022. During this breach, a ransomware attack compromised the healthcare data of 700,000 American citizens, including social security numbers, among a host of other forms of personal information. Due to the mass of data that healthcare providers obtain over the course of treating their respective patients, healthcare facilities within the U.S. are prime targets for cybercriminals that are looking to pilfer the personal information of the general public, whether this is through the use of ransomware or other nefarious means.

Shields Health Care Group

What’s more, while the Yuma Regional Medical Center data breach was the largest that had affected a healthcare facility within the U.S. through the first four months of 2022, larger scale breaches have occurred in the proceeding months. For example, Shields Health Care Group, a Quincy, Massachusetts-based healthcare organization that has dozens of locations across the New England area, experienced a data breach that affected more than 2 million individuals that had received care at more than 50 separate facilities. As a result, the healthcare group has reported that various forms of personal information, including insurance information, medical records, social security numbers, and dates of birth, were all accessed and disclosed illegally.

Federal compliance laws

While any data breach that results in an American citizen having their personal information compromised is an inherently problematic occurrence, data breaches that impact healthcare organizations carry long-term consequences and implications that are not as palatable to other industries. Most notably, federal healthcare legislation, such as the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH Act), mandate that healthcare providers and the facilities they work for protect the healthcare data of their patients, lest they face heavy legal and financial penalties.

On top of this, while the HITECH Act incentivized patients and healthcare providers alike to increase the usage of Electronic Healthcare Information (EHI), the law did not place requirements on healthcare providers at it pertains to cybersecurity. As such, many healthcare facilities have been compiling enormous amounts of personal digital information during the past decade, in conjunction with antiquated and outdated cybersecurity policies that were created under the assumption that medical facilities would be limiting their use of EHI when treating patients. The intersection of these issues, as well as the advent of the COVID-19 pandemic, has created a situation in which healthcare providers have been struggling to protect the data of their patients.

Healthcare information and redaction

With all this being said, one resource that healthcare and medical professionals can use to better safeguard the EHI of the patients they serve on a daily basis is automatic redaction software. As these software programs give users the ability to obscure personal information within files across a wide range of mediums, including PDF, email, and image files, among numerous others, they are ideal for healthcare providers that may keep information concerning their patients in both electronic and physical form. Moreover, as these software programs can function automatically without the need for excessive human inputs, healthcare professionals that are strapped for time can still use these systems without having to take time away from treating their patients.

As online communication and digital technologies continue to impact societies all over the world in virtually every facet of modern-day life, healthcare and medical treatment have proven to be no exception. The hundreds of data breaches that have occurred in states all around the country in just the first six months of 2022 are a testament to this fact, as cybercriminals and bad actors continue to enhance the methods by which they steal the personal information of other individuals. To this point, healthcare organizations must take the steps necessary to ensure that any information they collect from the patients they treat remains secure and confidential at all times, as there are great moral, financial, social, and legal consequences for failing to do so.