In this Paubox Breach Report, we analyzed HIPAA breach reporting submitted to the U.S. Department of Health and Human Services without unreasonable delay from January 2017 to June 2017. We looked at the types of breaches of unsecured protected health information (PHI) affecting 500 or more people. Under the Health Insurance Portability and Accountability Act (HIPAA), covered entities and business associates must report "the acquisition, access, use, or disclosure of unsecured PHI, in a manner not permitted by HIPAA rules" under the HITECH breach notification rule. Below is our risk assessment.
HIPAA Breaches Ranked by People Affected
Top Three Breach Types
- Network Server breaches ranked the highest with nearly 1.4 million people’s PHI hacked or stolen from January thru June 2017.
- Other breaches ranked second with PHI of over 900,000 people breached.
- Email breaches came in third with 214,280 people having their PHI breached.
Bottom Three Breach Types
- Paper/Films ranked as the lowest number of people’s PHI being breached from January thru June with 29,334.
- Laptop breaches ranked second lowest at 37,468.
- Electronic Medical Records were the third lowest type of breach as ranked by people affected with 38,513.
HIPAA Breaches Ranked by Occurrence
The Most Common Occurrences
- Network Servers came in as the most common breach from January thru June with 39 reported breaches affecting 500 or more people’s PHI.
- Email came in as the second most common breach type with 28 incidents.
- Other came in third with 26.
The Least Common Occurrences
- Laptop and Desktop Computer came in tied as the least common breach type with 10 reported incidents each.
- Electronic Medical Record rounded out the bottom tier of the list with 15 reported breach incidents.
Click here to download the raw data.
I believe HIPAA breaches via email will continue to escalate during the second half of 2017. This is due to three macro factors. First, the Office for Civil Rights and HHS has taken the stance that it presumes a HIPAA breach in the case of a ransomware attack. Second, due to the high black market value of health care records, ransomware attacks on healthcare agencies will remain unabated. Third, the entire healthcare industry remains 10, if not 15 years behind every other American business segment. This includes cybersecurity defenses, making the healthcare providers extremely susceptible to attacks, breaches, theft or impermissible use.
SEE RELATED: HHS Reports International Cyber Threat to Healthcare Organizations
SEE RELATED: Can Healthcare Protect Itself From Cybercriminals?
About the Paubox HIPAA Breach Report
The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.
Minimize the risk of email getting you on the list with Paubox.