2016 Healthcare Data Breach Report Ranks Breaches By State
A new 2016 healthcare data breach report has been released detailing incidents reported to the Department of Health and Human Services’ Office for Civil Rights. While other reports have already been compiled, this latest report – compiled by data loss prevention firm Safetica USA – shows where those data breaches occurred and the states most affected by healthcare data breaches in 2016.
Data for the 2016 healthcare data breach report was taken from the Office for Civil Rights breach portal, which includes all reported breaches of more than 500 records. The data show that the states most affected by healthcare data breaches are those with the highest number of residents and highest number of healthcare providers.
The top ten states for healthcare data breaches were found to be:
- California – 39 breaches
- Florida – 28 breaches
- Texas – 23 breaches
- New York – 15 breaches
- Illinois, Indiana, & Washington – 12 breaches
- Ohio & Pennsylvania – 11 breaches
- Michigan – 10 breaches
- Arizona & Arkansas – 9 breaches
- Georgia & Minnesota – 8 breaches
- Colorado & Missouri – 7 breaches
The states least affected by healthcare data breaches in 2016 were:
- North Dakota
- South Dakota
- West Virginia
HIPAA-covered entities based in each of those states survived 2016 without experiencing a data breach that impacted more than 500 individuals. Only one HIPAA breach impacting more than 500 individuals was reported last year by a HIPAA-covered entity based in Alaska, Delaware, Hawaii, New Hampshire, Nevada, Utah and Wyoming.
The five worst hit states in terms of the numbers of records exposed were as follows:
- Arizona – 4,524,278 records
- New York – 3,588,554 records
- Florida – 2,872,912 records
- California – 1,436,701 records
- Georgia – 782,956 records
The main causes of healthcare data breaches in 2016 were unauthorized access/disclosure, which accounted for 41.5% of breaches, followed by hacking/IT incidents (31.8%), theft (19%), loss (5.4%) and improper disposal (2.3%).
Theft of physical PHI and devices used to store electronic protected health information was significantly lower than in 2015 when theft accounted for 30% of reported data breaches. In 2015, unauthorized access/disclosure was cited as the cause of 38% of breaches, hacking/IT incidents accounted for 21.4% of breaches, loss of PHI and devices used to store ePHI was the cause of 8.3% of breaches, and improper disposal was the cause of 2.3% of breaches.