Healthcare Informatics Magazine | Health IT | Information Technology

November Breach Report: 28 Incidents, 84K Patient Records Affected

December 22, 2017
by Rajiv Leventhal

The month of November was witness to 28 healthcare data breach incidents and nearly 84,000 patient records impacted, according to the latest report from cybersecurity software company Protenus.

Since the beginning of 2017, there has been a consistent trend of at least one healthcare data breach per day; however, November saw this average dip ever so slightly with a total of 28 incidents. Information was available for 25 of those incidents, which affected a total of 83,925 patient records, according to Protenus, which tracks disclosed breaches impacting the healthcare industry, with data compiled and provided by

The numbers of both data breach incidents and affected patient records are lower than in any other month thus far in 2017, “but it may also just indicate that people wanted to get ready for Thanksgiving so they delayed reporting,” according to the Protenus monthly snapshot blog. That said, the number of affected records disclosed during November was significantly lower than in the rest of the year. By comparison, in the month of October, 246,246 records were affected by a data breach; in September, 499,144 were affected; and in August, 673,934 were affected.

The single largest incident in November for which there is data involved a sleep and pulmonary center in New Jersey that reported that 16,474 patient records were locked up by a ransomware attack. The organization did not pay the ransom and simply restored the files using an offline backup.

Regarding cybersecurity breach trends in November, since July 2017, hacking incidents have consistently outnumbered insider incidents, but the month of November reverses this trend. However, a significant percentage of affected records (44 percent) were due to hacking incidents, and this number would have been even higher, but some data was unavailable for some of the incidents this month, Protenus insiders noted. Of the hacking incidents that were tracked, five breaches affected 36,804 patient records, meaning each incident involved a large number of records impacted. Also of note, there were seven health data breaches that involved paper or film patient records, affecting 8,859 patients.

Meanwhile, there were nine incidents that involved insiders during the month of November, accounting for 32 percent of the total number of data breaches. While insider and hacking breaches accounted for the majority of disclosed incidents, five incidents involved physical theft of patient records, affecting 3,273 records, and two incidents involved lost or missing records, affecting 2,051 records. Loss and theft of patient records accounted for 25 percent of all November health data breaches, according to the report.

What’s more, of the 28 reported health data breach incidents for November, 23 of them involved healthcare providers, three involved health plans, one involved a business associate, and one involved a business which was included in the “other” category of the analysis. The affected business was a law firm that suffered a ransomware attack which affected 16 records.

For the health data breaches that occurred in November, Protenus has data on how long it took to discover and report those breaches for just four of them. On average, it took healthcare organizations 55 days (median = 33 days) to discover that they had been hit with a breach incident.

The longest incident of the month took 153 days from the time the breach occurred to when it was discovered. While these numbers are lower than what has been reported in previous months, the small sample size precludes any comparisons to previous months, according to Protenus insiders.
