HIPAA Data Breach Report July 2015

HIPAA Data Breach Report July 2015


The HIPAA Journal Healthcare Data Breach Report July 2015 has been compiled from breach reports submitted to the Department of Health and Human Services’ Office for Civil Rights. The breach reports give an indication of the current state of healthcare data security, and how well HIPAA-covered entities are applying HIPAA rules to keep patient data secured. Scroll down for our July 2015 healthcare data breach infographic summary.

A Bad Month for Patient Privacy


Hackers struck again in July, causing two large scale data breaches that exposed the records of millions of patients; two of the most serious healthcare data breaches ever reported. Hackers were discovered to have compromised the systems of four more healthcare providers, and stole highly confidential medical data and millions of Social Security numbers.


Risk of Hacking Greater than Ever


Hackers may have only accounted for four of the 21 data breaches reported in July, but those attacks proved highly damaging. 8,464,637 new breach victims were confirmed by the July breach reports, 8,409,141 of which were the result of hacks. The Medical Informatics Engineering data breach exposed 3.9 million records, while the UCLA Health hack potentially exposed 4.5 million patient and employee records.


Over 100 Million Health Records Exposed in 2015


More than 100 million records have been exposed in 2015, and the year is barely halfway through. The total number of records exposed so far in 2015 now stands at 102,534,967, with undoubtedly many more data breach victims yet to be discovered.

Hackers are causing the most serious data breaches, but employee carelessness is a major problem. Year on year, the number of incidents involving lost devices has increased significantly. Reported device theft is down, but there has been next to no change in the number of cases of improper disclosure of PHI, with theft of data by hospital employees a serious cause for concern.

Employee Carelessness on the Rise


The year to date figures show a fall in the number of reported data breaches compared to 2014, but indicate HIPAA-covered entities are still failing in key aspects of data security. One of the biggest areas is staff training. Data breaches caused by employee carelessness have increased year on year. More unencrypted devices are being lost, data is still being inadvertently disclosed, and simple email errors are still being made. Performing regular training on data privacy and security can help to reduce the number of data breaches suffered.

Congratulations to HIPAA-Business Associates


The figures for the year are appalling, but there is some good news. Business Associates were responsible for having caused 53 data breaches at this point last year. This year, only 6 breaches have been attributed to the actions of Business Associates, indicating their requirements under HIPAA are now much better understood.

HIPAA Data Breach Report 2015: Infographic Summary



Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.