Healthcare Industry Data Breaches in 2015

2015 has been a difficult year for healthcare industry cybersecurity professionals. More confidential records have been exposed in 2015 than since the OCR started publishing healthcare data breach reports. Huge healthcare industry data breaches at Anthem Inc., Premera BlueCross, Excellus BlueCross BlueShield, UCLA Health, Medical Informatics Engineering, and CareFirst BlueCross BlueShield have been suffered this year.

2015 Healthcare Industry Data Breaches Have Exposed 120 Million Records

With so many large-scale data breaches suffered this year it is perhaps no surprise that healthcare industry data breaches have affected more people than breaches suffered by organizations in other industries. The latest figures from the Identity Theft Resource Center (ITRC) indicate over 120 million people have had their medical and/or personal data exposed so far this year as a result of healthcare industry data breaches. That represents 68.1% of the total number of breach victims created so far in 2015 across all industry sectors.

The ITRC first started charting data breaches back in 2005. To put this year’s healthcare industry data breach figures into perspective, since records first started being kept, the data of 854 million individuals have been exposed across all industry sectors. This year’s healthcare industry data breaches account for 14% of the total number of data breach victims created in the past 10 years.

While healthcare industry data breaches have created the most victims, they only account for 35.5% of the total number of data breaches reported so far this year. In total, 690 data breaches were reported up to November. 245 were reported by healthcare providers, insurers and other HIPAA covered entities.

39.3% of data breaches were suffered by companies in the business sector. More data breaches have been suffered by companies in the business sector, but the security incidents exposed far fewer records. Just 16 million individuals were affected in total across 271 reported security breaches, which represents 9.2% of the total number of victims created in 2015.

The government and military have been targeted this year by cybercriminals, with the biggest breach suffered by the Office of Personnel Management, with the cyberattack exposing 22 million records. Approximately 300,000 were exposed in an attack on the IRS.

In total, 58 government/military breaches were reported, which corresponds to 19.4% of the total number of breaches reported for the year, although just 34 million records were exposed or 8.4% of the total number of breach victims.

Education closely followed with 53 breaches suffered. 760,000 individuals were affected, which is 0.4% of the total number of victims and 7.7% of the total number of incidents.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.