Over 385 million US patient records were breached between 2010 and last year, including 70,340 Connecticut patient records. Those are only the breaches that affect over 500 people and are reported to HHS’s Office of Civil Rights.
As more medical records are digital and we use add more digital healthcare services, opportunities for hackers have expanded. Almost all hospital records (96%) and about 78% of practices are electronic now, up from 9% and 17%, respectively, over just four years. Healthcare breaches are up over 3-fold since 2010 and the size of breaches (median number of people affected) has also tripled. The switch to remote work and hospitals’ use of third-party technology accelerated the problem.
Unfortunately, healthcare cybersecurity protections have not kept up. Even Members of Congress, staff, and their dependents are not immune. DC Health Link, Washington’s health insurance exchange, experienced a breach affecting hundreds. The FBI was able to buy personally identifiable information on Members and others on the “dark web.” The breach includes names of spouses and children, home addresses, and Social Security numbers. The scope of the breach is still not clear.