Healthcare Data Breaches Increased During COVID: Learn How to Protect Yourself in the New Normal

April 27, 2022

The frequency of data breaches in healthcare is increasing. According to the Protenus Breach Barometer report, tens of millions of patient records were compromised in 2021. “More than 50.4M patient records [were] breached as threat actors exploit pandemic disruptions,” Protenus noted. The report says healthcare data breaches were up 19% from 2020 to 2021.


Meanwhile, these breaches are becoming more expensive. IBM’s Cost of a Data Breach Report 2021 reveals that:

  • The average cost of a breach in healthcare increased by $2 million from 2020 to 2021.
  • The average breach cost for all industries increased nearly 10% from 2020 to 2021.
  • Healthcare organizations have had the highest average breach cost for 11 straight years.

Healthcare organizations are susceptible to data breaches because attacks are becoming progressively more sophisticated and many facilities have not implemented modern security solutions to protect themselves. Outdated security software is easier for hackers to breach, and its vulnerabilities are harder to patch.

HIPAA mandates that facilities protect their medical records. Safeguarding these records and other data requires a modern approach along with the technical capabilities to prevent and mitigate breaches.  


The pandemic, which encouraged people to work remotely and saw a sudden spike in the use of telehealth, caused a rapid change in technology and how data is shared. The way data is exchanged shifted when remote employees began tapping into the facility’s network to access data, and patients started receiving virtual care. The more devices connected to the network, the greater the “surface area” for cyberattacks.

“The pandemic forced 60% of organizations to move further into the cloud. Such a rapid change resulted in vulnerabilities being introduced and security often lagged behind the rapid IT changes,” noted the HIPAA Journal. “Almost 20% of organizations that reported data breaches in 2020 cited remote work as a factor, with the cost of a data breach around 15% higher when remote work was a factor.”

A common cause of data breaches is compromised credentials: a person steals or otherwise gains access to an authorized person’s credentials and uses them to access a network and steal information. This allows the hacker to sign in to a network rather than hack in, so these stealthy breaches take longer to detect than other types of attacks: an average of 250 days, compared to the overall average of 212 days for all types of breaches, according to HIPAA Journal. This means that if a hack occurs on January 1, it won’t, on average, be discovered until September 8.


Clearly, facilities need to mitigate data breaches. One solution is security automation, which significantly reduces the cost of a data breach. HIPAA Journal reported that organizations with a fully deployed security automation strategy had average breach costs of $2.90 million per incident, compared to $6.71 million at organizations without it.

Likewise, companies with a hybrid cloud environment, which has data both on-premises and in the cloud, had lower breach costs than those that were primarily cloud. Typically, the more sensitive data is kept on-premises, which makes it more difficult to breach than in the cloud.

Regardless of where data is stored, a robust security system is needed to identify and prevent attacks. System weaknesses are among the most common vulnerabilities, with 67% of data breaches in healthcare in 2020 resulting from criminal hacking.

Healthcare organizations need the proper cybersecurity tools and strategies to prevent attacks, especially as companies migrate to the cloud and undergo digital transformations that enable more data-sharing across digital devices. These tools and best practices include:

  • Conducting security checks to ensure HIPAA compliance
  • Training staff in data security to identify potential breaches
  • Monitoring tech devices for unauthorized usage
  • Having a response plan in the event of a breach
  • Updating security software and the IT infrastructure

Healthcare organizations are being targeted for a reason—healthcare data is more valuable to cyber criminals than any other data. The healthcare information often includes personal details and medical issues that can be used for scams.

Stopping breaches is a difficult task, especially because facilities often have many security vulnerabilities and lack the in-house data security expertise necessary to solve problems. Organizations need the ability to identify threats and respond quickly, which requires having the right technology solutions.

Facilities can take actions now, including:

  • Making sure their security software is up to date
  • Implementing stringent password policies
  • Keeping servers current on security patches
  • Educating employees on best security practices 

Working through a group purchasing organization (GPO) allows organizations to implement a strong IT defense at a competitive cost while upholding best practices and HIPAA compliance requirements. This can help facilities prevent data breaches and avoid the monetary and reputational damage that can result from stolen data.  

