Escalation in Healthcare Data Breaches

The number of healthcare data breaches reported in the United States has increased for the third month in a row.

Records kept by the Department of Health and Human Services’ Office for Civil Rights (OCR) indicate that the total number of reported data breaches impacting the US health sector in 2021 is likely to be higher than the total reported in any previous year. 

In November, the OCR received reports of 68 data breaches exposing 500 or more health records. This number was 15.25% higher than the 59 breaches reported in October. 

While August saw only 38 such breaches reported, 47 breaches were reported in September. The total number of data breaches of 500 or more records reported to the OCR from January 1 to November 30 is 614.

The worst month for data breaches in the healthcare sector so far this year has been June, in which 70 breaches of 500 or more records were reported. July and November were tied for the second worst month, with 68 breaches reported in each month.

While the number of individual data breaches has been increasing in recent months, the total number of records impacted by data breaches has diminished from October to November. 

Of the 68 total breaches reported in November, 2,370,600 healthcare records were exposed, impermissibly disclosed, or stolen. This figure was 33.95% lower than the number recorded in October.

In November, the number of data breaches of 10,000 or more records that were reported to the HHS’ Office for Civil Rights was 30. Of those incidents, four breaches resulted in the exposure or theft of more than 100,000 health records.

The majority (55) of data breaches reported in November were caused by hacking or IT incidents. Theft accounted for two breaches, and 11 breaches were caused by unauthorized access or disclosure.

A geographical analysis of data breaches recorded in November reveals that more breaches (seven) were reported in California and New York than in any other state. Maryland and Pennsylvania each reported four breaches, while two breaches each were reported in Illinois, Indiana, Michigan, Minnesota, New Mexico, Tennessee, Texas, Virginia and the District of Columbia

What’s Hot on Infosecurity Magazine?