Researchers find 1,800 big patient data breaches at hospitals

A new study published in JAMA Internal Medicine reveals that many hospitals aren't adequately protecting their patients' data, leaving many vulnerable to identity theft and more. Researchers found almost 1,800 'large data breaches' involving patient information spread over a time frame of seven years. The medical facilities where the data breaches were discovered span many states ranging from Michigan's Henry Ford Hospital to California's UC Davis Medical Center.

The research was performed by Michigan State University's Xuefeng John Jiang and others from Ball State University and Johns Hopkins. The data breaches were discovered by looking into data from the Department of Health and Human Services dating from October 2009 to December 2016.

Of the 1,798 data breaches over the seven year span, the researchers found that 1,225 were reported by healthcare providers; the rest by things like healthcare plans, business associates, and healthcare clearinghouses. A total of 216 hospitals reported 257 data breaches, while 33 hospitals were found to have experienced multiple data breaches.

Of those hospitals affected by multiple breaches, the researchers say many of them are 'large, major teaching hospitals.' The information is available due to the legal requirement for hospitals to notify Health and Human Services about any breaches that affect 500 or more people. How many data breaches may have involved lesser numbers — and therefore went unreported — is unclear.

SOURCE: EurekAlert