2019 HIPAA Breach Report: A year in review

Featured image

Share this article

HIPAA breaches and fines report from Paubox

The Paubox HIPAA Breach Report for 2019 analyzed an entire year’s worth of HIPAA breach reporting by the U.S. Department of Health & Human Services (HHS). Results and takeaways from our findings are summarized in this post.

As a recap, any breach that affects the protected health information (PHI) of 500 or people is required by law to submitted to HHS within 30 days.

How we compiled the data

Since 2017, we have published a monthly HIPAA Breach Report that covers the preceding month’s reported breaches.

We therefore began our 2019 data collection by starting with the Paubox HIPAA Breach Report for February 2019. We then compiled monthly data going all the way until the HIPAA Breach Report for January 2020.

Source Data

The full summary of HIPAA breach data for 2019 can be found here (Google Sheets).

Caveats

We found two caveats in our reporting the reader should be aware of.

First, although organizations are required by law to report a data breach within 30 days of discovering it, we found a number of companies took months (if not a year or more) to discover the breach itself. Therefore, it’s hard to decisively determine which months are “hotter” breach months than others.

Second, we normally compile our monthly Breach Reports during the second week of the following month. Due to the 30 day grace window by HHS, there is a chance some organizations may have reported a breach in the prior month after we compiled and published our monthly report. In that instance, they would not make our 2019 Annual Report for HIPAA Breaches.

It should be noted however, the HHS site that maintains the breach data, otherwise known as the The Wall of Shame, does not hold data past 24 months.

In the years to come, this report may become be the only source of HIPAA breach data for 2019.

Takeaways

There were 418 reported HIPAA breaches in 2019. In total, 34.9 million Americans had their protected health information breached.

That represents roughly 10% of the US population in a single year of breaches.

With the aforementioned caveats in mind, we chose to plot 2019 breach data by three categories:

  • Breach volume by people affected
  • Breach volume by threat vector
  • Breaches by month

When it came to the sheer number of individuals affected, the Network Server category far and away led the field with 30.6 million Americans’ PHI breached.

The outlier of HIPAA breaches in 2019 was caused by a Business Associate. Taking at least eight months to discover, American Medical Collection Agency (AMCA) reported breaches that affected two of its customers and compromised 22.3 million individuals.

The other statistic that jumped out was email. At 161 reported HIPAA breaches in 2019, Email had 39% of the total and nearly twice as many as its closest “rival.”

2019 HIPAA Breach Report: People Affected

2019 HIPAA Breach Report: Breaches ranked by People Affected

2019 HIPAA Breach Report: Threat Vector

Paubox 2019 HIPAA Breach Report: Threat Vector

2019 HIPAA Breach Report: Monthly Comparison

Paubox 2019 HIPAA Breach Report: Monthly Comparison

About the 2019 HIPAA Breach Report

The 2019 HIPAA Breach Report by Paubox analyzed breaches that affected 500 or more individuals as reported to the HHS Wall of Shame.

Author Photo

About the author

Hoala Greevy

Founder of Paubox. Kayak fishing when I can. Native Hawaiian CEO.

Read more by Hoala Greevy

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022