A Decade of Data Breaches: Healthcare Industry Data Breaches Have Exposed 176.5 Million Records

Share this article on:

For more than a decade the Identity Theft Resource Center (ITRC) has been keeping track of data breaches in the United States. The ITRC data breach list has been growing steadily over the years, although in recent years the number of data breaches has grown substantially.

This week a new milestone was reached. The total number of data breaches recorded by ITRC has exceeded 6,000. More than 851 million records have been exposed since ITRC first started keeping records in 2005, and the last 10 years have seen a 397% increase in data breaches.

ITRC’s analysis of data breaches covers all industry sectors. The organization’s analysts determined that 32.7 percent of data breaches resulted in the exposure of Social Security numbers – or 245.2 million records. Since 2010, 142 million Social Security numbers have been exposed in data breaches. Healthcare industry data breaches accounted for 16.6% of Social Security number exposures.

ITRC figures show that healthcare industry breaches have resulted in the exposure of over 176.5 million records since the organization first started tracking data breaches in 2005. OCR figures show that since January 1, 2014., 129,456,868 healthcare records have been exposed or stolen, and more than 158 million records have been exposed since OCR started publishing healthcare data breach reports in 2009.

Fortunately, 2016 has started much better than 2015 for the healthcare industry. So far this year, the Department of Health and Human Services’ Office for Civil Rights has received 69 reports of healthcare data breaches. 3,514,313 healthcare records have been exposed so far in 2016.

This time last year, OCR had been informed of 87 data breaches which exposed a staggering 92,269,681 healthcare records. The corresponding figures for 2014 were 97 data breaches and 2,542,087 records.

The healthcare industry has been hit particularly hard in recent years as cybercriminals have targeted healthcare providers and insurers for the data they hold. However, ITRC’s figures show that it is the business sector that has suffered the most. The hacking of healthcare organizations may have increased, but over the course of the past decade the business sector recorded the most hacking incidents. 809 hacking related breaches were recorded exposing 360.1 million records.

Healthcare data breaches accounted for 27.9% of data breaches from 2005 to the year to date, while the business sector experienced 35.6% of data breaches.

Government data breaches have hit the headlines in recent months, although over the course of the past decade government/military breaches accounted for 14.4% of the total. Educational institutions accounted for 14.1%, while the financial sector accounted for 7.9%.

As Adam Levin, chairman and founder of IDT911, points out, there are now three certainties in life – death, taxes, and data breaches. He suggests that to tackle the problem, organizations across all industry sectors need to “create a culture of privacy and security from the mailroom to the boardroom.” He went on to say, “that means making the necessary investment in hardware, software and training. Raising employee cyber hygiene awareness is as essential as the air we breathe.”

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.

Share This Post On