HIPAA Breach Report for January 2022

by Sara Uzer

Paubox-HIPAA-Breach-Report

The Paubox HIPAA Breach Report analyzes protected health information (PHI) breaches affecting 500 or more people as reported to the Department of Health & Human Services (HHS) in December 2021.


This report will cover:


HIPAA breaches ranked by people affected

Most common breaches by type

  • Network server breaches affected the most people in December 2021. 1,849,224 individuals had their data breached.
  • Email breaches were the second most common breach, with 531,221 people affected.
  • Other breaches affected 4,037 people, the third most common breach type.

HIPAA breaches by occurrence

Most common breach types

  • Network server was the most common attack vector in December 2021. There were 20 network server breaches.
  • Email breaches were the second most common attack vector; ten attacks via email were reported.
  • Paper/films breaches were reported two times last month.

Year over year comparison

These charts compare the numbers reported in previous Paubox HIPAA Breach Reports (January 2018, January 2019, January 2020, January 2021) with this month’s report.

HIPAA breaches ranked by people affected

What we observe

  • Network server, email, and laptop breaches affected most people overall in December 2017 – 2021.
  • Network server breaches affected a total of 4,462,206 people in these months.
  • Email breaches affected 2,716,874 people, and laptop breaches affected 116,716.
  • There were two large breaches in December 2020 that affected more than 1 million people each. MEDNAX Services, Inc. (email) and Dental Care Alliance, LLC (network server) were the breaches.

HIPAA breaches ranked by occurrence

What we observe

  • Network server, email, and paper/films breach types were the most common attack vectors in December 2017-2022.
  • Network server breaches occurred 53 total times.
  • Email breaches occurred a total of 49 times, and paper/films types occurred 24 times.
  • The most significant number of network server breaches happened in December 2021.

Takeaways

Network server breaches affected the most people in December 2021. Oregon Anesthesiology Group, P.C. had the most significant breach that affected 750,500 people.  Texas ENT Specialists had the second-largest breach that affected 535,489 people.

The yearly comparison shows that network server breaches were the most popular attack vectors for bad actors over the last five December months. Over 4 million total individuals had their data breached via 53 network server breaches during this time.

Full data

Click here to view the HHS’ raw data via Google Sheets.

About the Paubox HIPAA Breach Report

The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals, as reported on the HHS Wall of Shame in December 2021.

SEE ALSO: HIPAA compliant email: the definitive guide