by Hannah Trum Senior Marketing Specialist
Article filed in

HIPAA Breach Report for November 2021

by Hannah Trum Senior Marketing Specialist

Paubox-HIPAA-Breach-Report

The Paubox HIPAA Breach Report analyzes protected health information (PHI) breaches affecting 500 or more people as reported to the Department of Health & Human Services (HHS) in October 2021.


This report will cover:


HIPAA breaches ranked by people affected

Most common breaches by type

  • Network server breaches affected the most people in October 2021. 2,023,709 individuals had their data breached.
  • Email breaches were the second most common breach, with 401,723 people affected.
  • Electronic medical record breaches affected 12,082 people, the third most common breach type.

HIPAA breaches by occurrence

Most common breach types

  • Email was the most common attack vector in October 2021. There were twenty email breaches.
  • Network server breaches were the second most common attack vector; fourteen attacks via network servers were reported.
  • Paper/films breaches were reported three times last month.

Year over year comparison

These charts compare the numbers reported in previous Paubox HIPAA Breach Reports (November 2017, November 2018, November 2019, November 2020) with this month’s report.

HIPAA breaches ranked by people affected

What we observe

  • Network server, other, and email breaches affected most people overall in October 2017 – 2021.
  • Network server breaches affected a total of 2,963,128 people in these months.
  • Other breaches affected 2,126,498 people, and email breaches affected 1,006,704.
  • There were two large breaches in October months (2018, 2021) that affected more than 1 million people each. The Employees Retirement System of Texas (other – 2018) and Eskenazi Health (network server – 2021) were the breaches.

HIPAA breaches ranked by occurrence

What we observe

  • Email, network server, and other breach types were the most common attack vectors in October 2017-2021.
  • Email breaches occurred total times.
  • Network server breaches occurred a total of 46 times, and other types occurred 32 times.
  • The most significant number of email breaches happened in November 2020 and 2021.

Takeaways

Network server breaches affected the most people in October 2021. Eskenazi Health had the most significant breach that affected 1,515,918 people. ReproSource Fertilitiy Diagonistics, Inc. had the second-largest breach that affected 350,000 people.

The yearly comparison shows that email breaches were the most popular attack vectors for bad actors over the last five October months. Over 1 million total individuals had their data breached via 65 email breaches during this time.

Full data

Click here to view the HHS’ raw data via Google Sheets.

About the Paubox HIPAA Breach Report

The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals, as reported on the HHS Wall of Shame in October 2021.

SEE ALSO: HIPAA compliant email: the definitive guide