Report: Healthcare Data Breaches Hit All-Time High in 2016 | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Report: Healthcare Data Breaches Hit All-Time High in 2016

May 4, 2017
by Rajiv Leventhal
| Reprints
The number of actual records breached appears to be slowing down some, according to the findings

Healthcare data breaches hit an all-time high (328) in 2016, surpassing the previous record set in 2015 (268). And, records of approximately 16.6 million Americans were exposed as a result of hacks, lost or stolen devices, unauthorized disclosure and more.

These latest statistics on healthcare breaches comes from Bitglass, a Campbell, Calif.-based total data protection company. The third annual healthcare breach report aggregated data from the U.S. Department of Health and Human Services’ Wall of Shame—a database of breach disclosures required as part of the Health Insurance Portability and Accountability Act (HIPAA)—to identify the most common causes of data leakage.

The report does offer some good news, however—despite the fact that records of more than 16 million Americans were exposed last year, that overall number of compromised records has declined for the second year in a row and early indications suggest that those numbers will continue to decline in 2017. So far in 2017, 1.5 million American records have been breached, according to the research. And while the Anthem breach that affected 78 million Americans skewed the numbers in 2015, even excluding that outlier, less than half as many customer records were leaked in 2016 as in 2015.

The 2016 year-in-review Breach Barometer report from Protenus painted a similar stark picture for last year—2016 averaged at least one health data breach per day, affecting more than 27 million patient records, that report found. Another recent report from IBM Security found that in 2016, 12 million records were compromised in healthcare—keeping it out of the top five most-breached industries. That research revealed that hackers were indeed focusing on smaller targets, thus resulting in a lower number of leaked records.

Other key Bitglass report findings include:

● Unauthorized disclosures are now the leading cause of breaches, as they accounted for nearly 40 percent of breaches in 2016.

● Hacking and IT incidents continue to pose the greatest risk; the volume of records that leak because of hacking is greater than all other breach events combined.

● All five of the largest breaches were the result of hacking and IT incidents in 2016. To put that in perspective, 80 percent of leaked records in 2016 were the result of hacking. So far in 2017, the largest breach was the result of theft and the four next largest breaches were due to hacking.

According to data from the Ponemon Institute, the average breach costs U.S. companies is $221 per lost record, which is up from $217 per record in 2015. The cost per leaked record for healthcare firms topped $402 in 2016.

“Breaches and information leaks are unavoidable in every industry, but healthcare remains one of the biggest targets,” said Nat Kausik, CEO, Bitglass. “While threats to sensitive healthcare data will persist, increased investments in data-centric security and stronger compliance and disclosure mandates are driving down the impact of each breach event.”

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Advocate Aurora Health, Foxconn Plan Employee Wellness, “Smart City,” and Precision Medicine Collaboration

Wisconsin-based Advocate Aurora Health is partnering with Foxconn Health Technology Business Group, a Taiwanese company, to develop new technology-driven healthcare services and tools.

Healthcare Data Breach Costs Remain Highest at $408 Per Record

The cost of a data breach for healthcare organizations continues to rise, from $380 per record last year to $408 per record this year, as the healthcare industry also continues to incur the highest cost for data breaches compared to any other industry, according to a new study from IBM Security and the Ponemon Institute.

Morris Leaves ONC to Lead VA Office of Electronic Health Record Modernization

Genevieve Morris, who has been detailed to the U.S. Department of Veterans Affairs (VA) from her position as the principal deputy national coordinator for the Department of Health and Human Services, will move over full time to lead the newly establishment VA Office of Electronic Health Record Modernization.

Cedars-Sinai Accelerator Program Presents Fourth Class of Startups

The Cedars-Sinai Accelerator, a program that helps entrepreneurs bring their innovative technology products to market, has brought in nine more health tech startups as part of its fourth class.

DirectTrust Adds Five Board Members

DirectTrust, a nonprofit organization that support health information exchange, announced the appointment of five new executives to its board of directors.

Analysis: Many States Continue to Have Restrictive Telemedicine Policies

State Medicaid programs are evolving to accelerate the adoption of telemedicine models, this evolution is occurring more quickly in some states than others, according to a recent analysis by Manatt Health.