HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Healthcare Data Breach Report: June 2015

This month’s healthcare data breach report looks a lot healthier than May; a particularly bad month for data breaches, with over 1.1 million records exposed in 18 security incidents.

June could be considered a relatively good month for the healthcare industry in terms of records exposed, although more security incidents were reported in June than May, and numbers have not changed much year on year. 21 breaches were reported in June compared to 23 last year.

In total, 159,231 records were reported as being exposed during the month. In June 2014 the figure stood at 252,873, and in June 2013, only 46,713 records were compromised.

 

Quarterly Figures Show Little Has Changed Since 2014

 

Data breach figures for the second quarter of 2015 differ only by one incident from this time last year. Data breaches continue to be experienced at the same rate, in spite of improved protections being put in place by healthcare providers. It would appear it is only possible to maintain pace with malicious insiders and outsiders.

Get The Checklist

Free and Immediate Download
HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Figures for the quarter indicate 750,000 more data breach victims have been created in the first six months of 2015 than 2014, and almost 1,500,000 more than the same period in 2013.

High profile data breaches resulting in the theft of tens of millions of records give the impression that hackers pose the biggest threat to healthcare organizations. Hacker-related security incidents tend to create more victims, but they are not the most common cause of healthcare data breaches. An analysis of data breach reports for the quarter shows theft to be the leading cause of data breaches; being cited in 26 breach reports.

Unauthorized access and disclosure of PHI was the second leading cause. 22 data breaches were attributed to unauthorized access/disclosure, with last quarter seeing an increase in cases of employees snooping and disclosing records. Hacking was the third leading cause, accounting for 13 data breaches.

The number of security incidents may not have fallen year on year, but there is some good news. Business Associates are now getting to grips with HIPAA Rules and have caused substantially fewer data breaches this year. Only four BAs have caused or suffered data breaches so far in 2015, compared to 18 during the corresponding period in 2014, and 11 in 2013.

Last month’s data breaches have been summarized in the infographic below:

 

hipaajournal-data-breach-report-june-2015

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.