Healthcare Data Breach Report: August 2015

Share this article on:

Healthcare Data Breach Report: August 2015


The number of healthcare data breaches reported to the Department of Health and Human Services’ Office for Civil Rights differs little from July; however the volume of records exposed fell dramatically month on month. In July, over 8,000,000 patient and health plan member records were exposed. August saw ‘only’ 215,556 records exposed.

Only one hacking incident was reported in August: The cyberattack on Pediatric Group LLC, which resulted in 10,000 records being exposed. This was a major improvement on last month, which saw 4 hacking incidents discovered. Those four data breaches included major data exposures at Medical Informatics Engineering and UCLA Health, which exposed 3.9 million and 4.5 million records respectively.

Main Cause of Data Breaches in August 2015 Was Lost/Stolen Devices

August saw eleven reports of lost and stolen PHI containing devices. Each data breach exposed relatively few medical records (Except the Empi Inc / DJO Global data breach that exposed 160,000 records), but all could have been easily prevented had data encryption been employed.

Unauthorized access and disclosure of patient health information continues to plague healthcare providers and health plans, with seven separate incidents reported to the OCR in August.

While the data breach figures for August may be relatively low, the year to data figures are another matter entirely. 180 security incidents have been reported so far this year, and 102,750,523 patient and health plan member records have been exposed. That’s over 93 million more records than were exposed during the same period in 2014.

The August 2015 healthcare data breaches have been summarized in the infographic below:

Healthcare Data Breach Report Infographic (August 2015)




Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.

Share This Post On