No recovery in sight thanks to malicious insiders, human error, and targeted attacks.

In the first six months of the year, 4.2 million US healthcare patient records were compromised in more than 150 incidents, new data has revealed.

A major data breach at California’s Department of Developmental Services in May helped bring the total number of patient records compromised during the second quarter of 2018 to 3.1 million, according to the latest Protenus Breach Barometer (PDF).

This figure, based on a total of 142 incidents disclosed to US Department of Health and Human Services (HHS), is more than triple the 1.1 million records that were lost in the first quarter.

Fighting on all fronts

Malicious insiders – healthcare employees who snoop on patients’ data – continue to plague the industry.

According to Protenus, nine out of 1,000 employees breach patient privacy. Along with human error, employees were responsible for 31% of the total number of breaches in the second quarter.

Targeted attacks against healthcare systems also continue to threaten the industry in 2018. A total of 52 malware, ransomware, and phishing incidents were reported in the second quarter – up on the 30 incidents flagged between January and March.

Uphill struggle

Amid this sharp rise in healthcare data breach incidents, Protenus said hospital teams responsible for responding to insider threats face an uphill struggle.

While the company said there has been an indication that health systems are investing more into their privacy and security teams, one investigator still monitors an average of nearly 4,000 employees across 2.5 hospitals.

“Healthcare organizations must remain vigilant, looking for best practices in healthcare privacy that will allow them to audit every access to their patient data,” the report advised.

“Full visibility into how their data is being accessed and used will help organizations secure patient trust while preventing data breaches from having costly consequences for their organization.”