Cybersecurity Report: November Had Highest Number of Breaches in 2016 | Healthcare Informatics Magazine | Health IT | Information Technology

Cybersecurity Report: November Had Highest Number of Breaches in 2016

December 16, 2016
by Heather Landi

November saw an acceleration in the growing trend of health data breaches with 57 separate breach incidents, or an average of almost two per day, the highest in 2016, according to the latest Protenus Breach Barometer report.

The Protenus Breach Barometer is a monthly snapshot of reported or disclosed breaches impacting the healthcare industry, with data compiled and provided by This month’s analysis showed 35 incidents either reported to the U.S. Department of Health and Human Services or first disclosed in media or other sources.

“With an average of almost 2 breaches per day, November has seen a record number of breach incidents, the highest of any month in 2016.  What’s even more concerning is that employees (insiders) are responsible for more than half of this month’s breaches to patient data, a notable increase from past months,” the report authors wrote.

The report authors note that the November breach incident data reinforces the need for health data security to be a top priority for healthcare organizations.

The past two months had shown a decline in total patient records breached and number of incidents reported when compared to the summer months. However, November has seen a sharp increase in the number of breach incidents, with 60 percent more breaches than in October. Up until November, the highest number of monthly breach incidents occurred in August with 42 incidents. For comparison, June had 28 separate breach incidents, July had 39 and then after the 42 incidents in August, the number of incidents began to decline with 37 in September and 35 in October.

The Protenus Breach Barometer’s November analysis indicates 57 incidents either reported to HHS or first disclosed in media or other sources. Information was available for 49 of these incidents, totaling 458,639 records breached.  The report also notes that it is not clear if one of the entities only reported themselves to HHS or if they also reported their affiliated clinic.  

Of the November breach incidents, 54.4 percent, or 31 incidents, were the result of insiders. The largest single incident involved 170,000 patient records as a result of a business associate’s insider error. Further, 17 of these incidents were a result of an error or accident, while 14 were a result of insider wrongdoing. In the 12 insider-error incidents for which Protenus has numbers, 264,099 patient records were involved.  In the nine incidents caused by insider-wrongdoing, 17,237 patient records were involved.

“Nine breach incidents to patient data were a result of hacking, down from 14 hacking incidents in October. Three of November’s incidents specifically mentioned ransomware and another incident mentioned ransom/extortion but not ransomware. TheDarkOverLord struck again, as he was responsible for the ransom/extortion demand. In the six hacking incidents for which we have numbers, 102,883 patient records were involved,” the report authors wrote.

Further, of the 57 reported incidents in November, 40 incidents involved healthcare providers (70 percent of reported entities), followed by 11 incidents involving health plans, and three incidents involving business associates. There were three other entities that reported a data breach: a financial services firm, an anti-doping agency, and one other business.

At least 25 of the 57 incidents (44 percent) involved business associates or third parties, and 11 different BAs or vendors were involved in these 25 breach incidents. The report also notes that paper records were involved in two incidents.

According to the report’s November analysis, it took an average of 135 days from the time a breach occurred to the time HHS was notified, which is significantly longer than the average number of days from breach to reporting for incidents in October.

“It’s important to note that HHS requires entities to report their breach within 60 days of discovery. Sixty-five percent of reporting entities for which we have numbers took longer than the 60-day window to report their breach. It goes without saying that it is essential for organizations to be proactive when monitoring patient data. The sooner a breach is detected, the quicker the healthcare organization can mitigate the risk of significant damage being done with their patient’s data. The longer PHI is exposed, the more it can cost the healthcare organization and ultimately become troublesome for the patients,” the report authors wrote.


