Data from: Health IT, hacking, and cybersecurity: national trends in data breaches of protected health information

Objective: The rapid adoption of health information technology (IT) coupled with growing reports of ransomware, and hacking has made cybersecurity a priority in health care. This study leverages federal data in order to better understand current cybersecurity threats in the context of health IT. Materials and Methods: Retrospective observational study of all available reported data breaches in the United States from 2013 to 2017, downloaded from a publicly available federal regulatory database. Results: There were 1512 data breaches affecting 154 415 257 patient records from a heterogeneous distribution of covered entities (P < .001). There were 128 electronic medical record-related breaches of 4 867 920 patient records, while 363 hacking incidents affected 130 702 378 records. Discussion and Conclusion: Despite making up less than 25% of all breaches, hacking was responsible for nearly 85% of all affected patient records. As medicine becomes increasingly interconnected and informatics-driven, significant improvements to cybersecurity must be made so our health IT infrastructure is simultaneously effective, safe, and secure.

研究目标：随着健康信息技术（health information technology, IT）的快速普及，勒索软件与黑客攻击相关报告日益增多，网络安全已成为医疗保健领域的首要任务。本研究借助联邦数据，以期更深入地理解健康信息技术语境下的当前网络安全威胁。 材料与方法：本研究为回顾性观察研究，分析2013年至2017年美国境内所有公开上报的医疗数据泄露事件，数据均下载自公开可获取的联邦监管数据库。 研究结果：本研究共纳入1512起数据泄露事件，涉及154,415,257条患者记录，数据来源为分布异质性较强的受规管实体（covered entities），差异具有统计学意义（P < 0.001）。其中，与电子病历相关的数据泄露事件共128起，涉及4,867,920条患者记录；黑客攻击事件共363起，影响130,702,378条患者记录。 讨论与结论：尽管黑客攻击事件占所有数据泄露事件的比例不足25%，但其导致的受影响患者记录占比却接近85%。随着医疗领域日益互联化且愈发依赖信息学技术，我们必须大幅提升网络安全水平，以确保健康信息技术基础设施同时具备高效性、安全性与可靠性。