HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

A Decade of Data Breaches: Healthcare Industry Data Breaches Have Exposed 176.5 Million Records

For more than a decade the Identity Theft Resource Center (ITRC) has been keeping track of data breaches in the United States. The ITRC data breach list has been growing steadily over the years, although in recent years the number of data breaches has grown substantially.

This week a new milestone was reached. The total number of data breaches recorded by ITRC has exceeded 6,000. More than 851 million records have been exposed since ITRC first started keeping records in 2005, and the last 10 years have seen a 397% increase in data breaches.

ITRC’s analysis of data breaches covers all industry sectors. The organization’s analysts determined that 32.7 percent of data breaches resulted in the exposure of Social Security numbers – or 245.2 million records. Since 2010, 142 million Social Security numbers have been exposed in data breaches. Healthcare industry data breaches accounted for 16.6% of Social Security number exposures.

ITRC figures show that healthcare industry breaches have resulted in the exposure of over 176.5 million records since the organization first started tracking data breaches in 2005. OCR figures show that since January 1, 2014., 129,456,868 healthcare records have been exposed or stolen, and more than 158 million records have been exposed since OCR started publishing healthcare data breach reports in 2009.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

Fortunately, 2016 has started much better than 2015 for the healthcare industry. So far this year, the Department of Health and Human Services’ Office for Civil Rights has received 69 reports of healthcare data breaches. 3,514,313 healthcare records have been exposed so far in 2016.

This time last year, OCR had been informed of 87 data breaches which exposed a staggering 92,269,681 healthcare records. The corresponding figures for 2014 were 97 data breaches and 2,542,087 records.

The healthcare industry has been hit particularly hard in recent years as cybercriminals have targeted healthcare providers and insurers for the data they hold. However, ITRC’s figures show that it is the business sector that has suffered the most. The hacking of healthcare organizations may have increased, but over the course of the past decade the business sector recorded the most hacking incidents. 809 hacking related breaches were recorded exposing 360.1 million records.

Healthcare data breaches accounted for 27.9% of data breaches from 2005 to the year to date, while the business sector experienced 35.6% of data breaches.

Government data breaches have hit the headlines in recent months, although over the course of the past decade government/military breaches accounted for 14.4% of the total. Educational institutions accounted for 14.1%, while the financial sector accounted for 7.9%.

As Adam Levin, chairman and founder of IDT911, points out, there are now three certainties in life – death, taxes, and data breaches. He suggests that to tackle the problem, organizations across all industry sectors need to “create a culture of privacy and security from the mailroom to the boardroom.” He went on to say, “that means making the necessary investment in hardware, software and training. Raising employee cyber hygiene awareness is as essential as the air we breathe.”

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.