Sensitive health data of 50 million Americans hacked or breached last year: analysis

The health data of almost 50 million Americans was breached last year, according to a Politico analysis of data from the Department of Health and Human Services.

Health care organizations in every state except South Dakota reported data breaches in 2021. Half of states, as well as Washington, D.C., saw more than 1 in 10 of their residents have their health information accessed without authorization, Politico found in its analysis of more than six years of data from the department’s Office for Civil Rights.

Reported breaches are organized by type. Hacking is most prevalent and was involved in 75 percent of the breaches in 2021, a major uptick compared to 35 percent in 2016. Other breaches includes instances of data theft, like a stolen laptop, or unauthorized access, like sending information to the wrong person, Politico added.

Hospitals, insurers and health care systems that are covered by the Health Insurance Portability and Accountability Act are required to report any breaches of protected health information that impact 500 or more people. They also must notify individuals who have been affected by the breach.

Experts have claimed that the increase in hacking is due to the health industry’s speedy move to digital systems, including remote work causing more people to use personal devices to access private data.

Hacked data is often sold on the dark web or used fraudulently, making it a coveted and at times lucrative pool of information.

“Unfortunately, the industry is pretty much easy pickings, and they’re hitting it because they’re getting paid,” Mac McMillan, CEO of cybersecurity company CynergisTek, told Politico. 

“It’s [not] gonna slow down until we either get more serious about stopping it, or blocking it, or being more effective at it,” he added.