The Mega Healthcare Data Breaches in the United States (2009 – 2023): A Comparative Document Analysis

Authors

  • Abiola Adedeji Adebanjo, Harrisburg University of Science and Technology, 326 Mkt St, Harrisburg PA 17101, United States

Keywords:

healthcare data breaches, case study analysis, prevention measures, patient privacy, cybersecurity practices

Abstract

This paper presents a comprehensive analysis of the predominant healthcare data breaches in the United States from October 2009 to September 2023, utilizing a mixed-methods approach centered on seven publicly available breach reports. It aims to identify patterns, common factors, and measures to enhance cybersecurity within the sector. Through comparative document analysis, the study examines the nature, causes, and repercussions of these breaches, recognizing external attacks, internal errors, and software vulnerabilities as critical weaknesses. The consequences range from financial and reputational damage to erosion of patient trust. The findings stress the necessity for improved preventive strategies, bolstering of security practices, employee training, vendor oversight, and effective incident response mechanisms. The paper also offers insights into the legal and ethical implications of breaches. It suggests robust cybersecurity measures, including the adoption of emerging technologies like blockchain and AI/ML to deter threats. The recommendations guide healthcare organizations toward establishing robust protections for sensitive health data, ensuring regulatory compliance, and facilitating continuity of trust and care. The paper serves as a call to action for ongoing study into the multidimensional impact of data compromises in healthcare. 

Published

2024-01-27

How to Cite

Abiola Adedeji Adebanjo. (2024). The Mega Healthcare Data Breaches in the United States (2009 – 2023): A Comparative Document Analysis. International Journal of Computer (IJC), 50(1), 32–54. Retrieved from https://www.ijcjournal.org/index.php/InternationalJournalOfComputer/article/view/2154

Section

Articles