California state officials this week released its second annual data breach report, and spoiler alert: the numbers for the healthcare industry aren't pretty.

 

Just this past year, some 18.5 million Californians had their personal information or their protected health information compromised in a data breach, state Attorney General Kamala D. Harris announced Tuesday. To put the numbers in perspective, that's a whopping 600 percent increase in the number of people affected in 2012. In total, companies reported 167 breaches in 2013 alone, compared with 131 breaches in 2012. 

 

[See also: Healthcare security stuck in Stone Age.]

 

So how did healthcare fare? The sector ranked second worse in how many people were impacted, compromising the most records out of all sectors beside that of retail. Moreover, the lion's share of healthcare data breaches in California were preventable, Harris pointed out in the report. Contrary to other industries that saw predominantly hacking or cyber intrusions as the root cause of breaches, a whopping 70 percent of the state's healthcare data breaches resulted from stolen or lost unencrypted hardware or devices. 

 

"The need to use encryption is a lesson that must be learned by the healthcare industry and we recommend that it be applied not only to laptops and portable media, but also to many computers in offices," Harris outlined in the report. 

 

Overall, the healthcare sector accounted for 15 percent of the data breaches and 1.1 million records for the year. Only retail involved more, affecting 15.4 million consumers. 

 

[See also: Healthcare security stuck in Stone Age.]

 

In addition to physical theft or loss of unencrypted devices, the sector also saw significant data breaches as a result of errors, at 17 percent. Errors, the report clarified, included unintentional errors made by employees, such as misdelivery in electronic or paper form; accidental publishing and posting of personal or protected health information; neglecting to "wipe" or shred documents and devices containing the personal data. 

 

In the report, Harris also underscored several recommendations for consumers, policymakers and businesses going forward on how they can work to prevent against these breaches in the future. For the healthcare industry, it was all about basic encryption. 

 

"I strongly encourage more use of encryption to significantly reduce the risk of data breaches," said Harris, in a press release announcing report findings.