November Breach Report: 28 Incidents, 84K Patient Records Affected | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

November Breach Report: 28 Incidents, 84K Patient Records Affected

December 22, 2017
by Rajiv Leventhal
| Reprints

The month of November was witness to 28 healthcare data breach incidents and nearly 84,000 patient records impacted, according to the latest report from cybersecurity software company Protenus.

Since the beginning of 2017, there has been a consistent trend of at least one healthcare data breach per day; however, November saw this average dip ever so slightly with a total of 28 incidents. Information was available for 25 of those incidents, which affected a total of 83,925 patient records, according to Protenus, which tracks disclosed breaches impacting the healthcare industry, with data compiled and provided by

The number of both data breach incidents and affected patient records are lower than any other month thus far in 2017, “but it may also just indicate that people wanted to get ready for Thanksgiving so they delayed reporting,” according to the Protenus monthly snapshot blog. That said, the number of affected records disclosed during November was significantly lower than the rest of the year. To compare, in the month of October, 246,246 records were affected by a data breach; in September, 499,144 were affected, and in August, 673,934 were affected.

The single largest incident in November for which there is data involved a sleep and pulmonary center in New Jersey who reported that 16,474 patient records were locked up by a ransomware attack. The organization did not pay the ransom and simply restored the files using an offline backup.

Regarding cybersecurity breach trends in November, since July 2017, hacking incidents have consistently outnumbered insider incidents, but the month of November reverses this trend. However, a significant percentage of affected records (44 percent) were due to hacking incidents, and this number would have been even higher, but some data was unavailable for some of the incidents this month, Protenus insiders noted. Of the hacking incidents that were tracked, five breaches affected 36,804 patient records, meaning each incident involved a large number of records impacted. Also of note, there were seven health data breaches that involved paper or film patient records, affecting 8,859 patients.

Meanwhile, there were nine incidents that involved insiders during the month of November, accounting for 32 percent of the total number of data breaches. While insider and hacking breaches accounted for the majority of disclosed incidents, five incidents involved physical theft of patient records, affecting 3,273 records, and two incidents involved lost or missing records, affecting 2,051 records. Loss and theft of patient records accounted for 25 percent of all November health data breaches, according to the report.

What’s more, of the 28 reported health data breach incidents for November, 23 of them involved healthcare providers, three involved health plans, one involved a business associate, and one involved a business which was included in the “other” category of the analysis. The affected business was a law firm that suffered a ransomware attack which affected 16 records.

For the health data breaches that occurred in November, Protenus has data on how long it took to discover and report those breaches for just four of them. On average, it took healthcare organizations 55 days (median= 33 days) to discover that their healthcare organization had been hit with a breach incident.

The longest incident of the month took 153 days from the time the breach occurred to when it was discovered. While these numbers are lower than what has been reported in previous months, the small sample size precludes any comparisons to previous months, according to Protenus insiders.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Geisinger National Precision Health Hires Illumina Exec to Lead Business Development

Integrated health system Geisinger has hired a high-profile genetic counselor to head up business development for Geisinger National Precision Health, which was created to extend the Geisinger model on the national scene.

$30M VC Fund Launched to Spur Innovation in Cardiovascular Care

The American Heart Association, together with Philips and UPMC, has announced the launch of Cardeation Capital, a $30 million collaborative venture capital fund designed to spur healthcare innovation in heart disease and stroke care.

Epic Wins Labor Dispute in Closely Divided Supreme Court Decision

Epic Systems Corporation won a major labor-law ruling in the Supreme Court on Monday, centering around the extent of corporations’ right to force employees to sign arbitration agreements, and with a 5-4 ruling in its favor

Survey: Two-Thirds of Physician Practices Seeking Out Value-Based Care Consulting Firms

Most physician organizations are not prepared for the move to value-based care, and 95 percent CIOs of group practices and large clinics state they do not have the information technology or staff in-house needed to transform value-based care end-to-end, according to a recent Black Book Market Research.

Cumberland Consulting Buys LinkEHR, Provider of Epic Help Desk Services

Cumberland Consulting Group, a healthcare consulting and services firm, has acquired LinkEHR, which provides remote application support, including Epic help desk services.

Population Health Tool that Provides City-Level Data Expands to 500 Cities

A data visualization tool that helps city officials understand the health status of their population, called the City Health Dashboard, has now expanded to 500 of the largest cities in the U.S., enabling local leaders to identify and take action around the most pressing health needs in their cities and communities.