The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Healthcare Industry Data Breaches in 2015

Posted By on Nov 26, 2015

2015 has been a difficult year for healthcare industry cybersecurity professionals. More confidential records have been exposed in 2015 than since the OCR started publishing healthcare data breach reports. Huge healthcare industry data breaches at Anthem Inc., Premera BlueCross, Excellus BlueCross BlueShield, UCLA Health, Medical Informatics Engineering, and CareFirst BlueCross BlueShield have been suffered this year.

2015 Healthcare Industry Data Breaches Have Exposed 120 Million Records

With so many large-scale data breaches suffered this year it is perhaps no surprise that healthcare industry data breaches have affected more people than breaches suffered by organizations in other industries. The latest figures from the Identity Theft Resource Center (ITRC) indicate over 120 million people have had their medical and/or personal data exposed so far this year as a result of healthcare industry data breaches. That represents 68.1% of the total number of breach victims created so far in 2015 across all industry sectors.

The ITRC first started charting data breaches back in 2005. To put this year’s healthcare industry data breach figures into perspective, since records first started being kept, the data of 854 million individuals have been exposed across all industry sectors. This year’s healthcare industry data breaches account for 14% of the total number of data breach victims created in the past 10 years.

While healthcare industry data breaches have created the most victims, they only account for 35.5% of the total number of data breaches reported so far this year. In total, 690 data breaches were reported up to November. 245 were reported by healthcare providers, insurers and other HIPAA covered entities.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

39.3% of data breaches were suffered by companies in the business sector. More data breaches have been suffered by companies in the business sector, but the security incidents exposed far fewer records. Just 16 million individuals were affected in total across 271 reported security breaches, which represents 9.2% of the total number of victims created in 2015.

The government and military have been targeted this year by cybercriminals, with the biggest breach suffered by the Office of Personnel Management, with the cyberattack exposing 22 million records. Approximately 300,000 were exposed in an attack on the IRS.

In total, 58 government/military breaches were reported, which corresponds to 19.4% of the total number of breaches reported for the year, although just 34 million records were exposed or 8.4% of the total number of breach victims.

Education closely followed with 53 breaches suffered. 760,000 individuals were affected, which is 0.4% of the total number of victims and 7.7% of the total number of incidents.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist