HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

2017 Data Breach Report Reveals 305% Annual Rise in Breached Records

A 2017 data breach report from Risk Based Security (RBS), a provider of real time information and risk analysis tools, has revealed there has been a 305% increase in the number of records exposed in data breaches in the past year.

For its latest breach report, RBS analyzed breach reports from the first 9 months of 2017. RBS explained in a recent blog post, 2017 has been “yet another ‘worst year ever’ for data breaches.”

In Q3, 2017, there were 1,465 data breaches reported, bringing the total number of publicly disclosed data breaches up to 3,833 incidents for the year. So far in 2017, more than 7 billion records have been exposed or stolen.

RBS reports there has been a steady rise in publicly disclosed data breaches since the end of May, with September the worst month of the year to date. More than 600 data breaches were disclosed in September.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Over the past five years there has been a steady rise in reported data breaches, increasing from 1,966 data breaches in 2013 to 3,833 in 2017. Year on year, the number of reported data breaches has increased by 18.2%.

The severity of data breaches has also increased. In 2016, 2.3 billion records were exposed in the first 9 months of the year. In 2017, the figure jumped to 7.09 billion.

The majority of the exposed records in 2017 came from five breaches, which exposed approximately 78.5% of all the records exposed so far in 2017.

The breach at DU Caller exposed 2,000,000,000 records; the River City Media breach saw 1,374,159,612 records exposed; An unnamed web breach exposed 711,000,000 records; and the EmailCar breach saw 267,000,000 records exposed.

Those five breaches made the top ten list of the worst data breaches of all time, and were ranked as the 2nd, 3rd,  4th, and 9th worst data breaches of all time. With the exception of one breach in 2014, all of the top ten data breaches of all time have been discovered in 2016 (4) and 2017 (5).

While the above five breaches involved the most records, the most severe data breach of the year to date was the breach at Equifax, which exposed the records of 145,500,000 individuals. The breach only ranks in 18th place in the list of the worst data breaches of all time, but RBS rates it as the most severe data breach of 2017 due to the nature of data obtained by the hackers.

The main cause of 2017 data breaches, by some distance, was hacking. 1,997 data breaches were due to hacks, 433 breaches were due to skimming, phishing was behind 290 breaches, viruses caused 256 breaches, and 206 breaches were due to web attacks.

Web attacks may have come in at fifth place in terms of the number of breaches, but the attacks resulted in the greatest number of exposed records – 68.5% of the total. Hacking accounted for 30.9% of exposed records.

The business sector has been worst affected by data breaches in 2017, accounting for 68.5% of the total, followed by ‘unknown’ on 12.6%. Medical data breaches were in third place accounting for 8.5% of the total.

RBS reports that there have been 69 data breaches reported in 2017 that involved the exposure or more than a million records.

The Risk Based Security 2017 Data Breach Report can be viewed here.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.