Health IT, hacking, and cybersecurity: national trends in data breaches of protected health information

Abstract Objective The rapid adoption of health information technology (IT) coupled with growing reports of ransomware, and hacking has made cybersecurity a priority in health care. This study leverages federal data in order to better understand current cybersecurity threats in the context of health IT. Materials and Methods Retrospective observational study of all available reported data breaches in the United States from 2013 to 2017, downloaded from a publicly available federal regulatory database. Results There were 1512 data breaches affecting 154 415 257 patient records from a heterogeneous distribution of covered entities (P < .001). There were 128 electronic medical record-related breaches of 4 867 920 patient records, while 363 hacking incidents affected 130 702 378 records. Discussion and Conclusion Despite making up less than 25% of all breaches, hacking was responsible for nearly 85% of all affected patient records. As medicine becomes increasingly interconnected and informatics-driven, significant improvements to cybersecurity must be made so our health IT infrastructure is simultaneously effective, safe, and secure.

[1]  Clemens Scott Kruse,et al.  Security Techniques for the Electronic Health Records , 2017, Journal of Medical Systems.

[2]  Rollin J Fairbanks,et al.  Electronic Health Record Vendor Adherence to Usability Certification Requirements and Testing Standards. , 2015, JAMA.

[3]  Mark P Jarrett,et al.  Cybersecurity-A Serious Patient Care Concern. , 2017, JAMA.

[4]  D. Zuckerman,et al.  Software‐Related Recalls of Health Information Technology and Other Medical Devices: Implications for FDA Regulation of Digital Health , 2017, The Milbank quarterly.

[5]  Ge Bai,et al.  Hospital Risk of Data Breaches , 2017, JAMA internal medicine.

[6]  Hardeep Singh,et al.  A Socio-Technical Approach to Preventing, Mitigating, and Recovering from Ransomware Attacks , 2016, Applied Clinical Informatics.

[7]  V. Liu,et al.  Data breaches of protected health information in the United States. , 2015, JAMA.

[8]  Denise L. Anthony,et al.  The double-edged sword of electronic health records: implications for patient disclosure , 2015, J. Am. Medical Informatics Assoc..

[9]  Daniel J Nigrin When 'hacktivists' target your hospital. , 2014, The New England journal of medicine.

[10]  Dean F. Sittig,et al.  Electronic health records and national patient-safety goals. , 2012, The New England journal of medicine.

[11]  E. Perakslis,et al.  Cybersecurity in health care. , 2014, The New England journal of medicine.

[12]  N. Shah,et al.  Implementing Machine Learning in Health Care - Addressing Ethical Challenges. , 2018, The New England journal of medicine.

[13]  Sirpa Mäki,et al.  The computer program , 1980 .

[14]  David Blumenthal,et al.  Keeping personal health information safe: the importance of good data hygiene. , 2015, JAMA.

[15]  Rachel Clarke,et al.  Cyberattack on Britain's National Health Service - A Wake-up Call for Modern Medicine. , 2017, The New England journal of medicine.

[16]  C. Kruse,et al.  Cybersecurity in healthcare: A systematic review of modern threats and trends. , 2017, Technology and health care : official journal of the European Society for Engineering and Medicine.

[17]  Sharona Hoffman,et al.  Your Money or Your Patient's Life? Ransomware and Electronic Health Records , 2017, Annals of Internal Medicine.