Major Healthcare Data Breaches Have Affected More Than 30M Patients Since 2009 | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Major Healthcare Data Breaches Have Affected More Than 30M Patients Since 2009

August 21, 2014
by Rajiv Leventhal
| Reprints

Since federal reporting requirements kicked in, the U.S. Department of Health and Human Services (HHS)' database of major breach reports have affected some 30.1 million patients spanning over 944 incidents, according to recent analysis in the Washington Post's "Wonkblog."

The blog, written by health policy reporter Jason Millman, comes soon after the Franklin, Tenn.-based Community Health Systems, Inc. acknowledged that the personal data of approximately 4.5 million patients was stolen by hackers from its computer network earlier this year.

A majority of those 30.1 million records are tied to theft (17.4 million people), followed by data loss (7.2 million people), hacking (3.6 million) and unauthorized access accounts (1.9 million people), according to a Washington Post analysis of HHS data. These numbers don't include the Community Health Systems data breach.

There are also many more incidents of smaller-scale breaches. In 2012, for example, HHS received 21,194 reports of smaller breaches affecting 165,135 people, according to the department's most recent report to Congress. Similar numbers were reported in 2011. In all, data breaches cost the industry $5.6 billion each year, estimates the Ponemon Institute, a security firm.

What’s more, recent analysis from legal firm Fox Rothschild LLP has found that the number of major data breaches reported has increased from 239 to 885 in less than a year.  The most common breach type is theft; 430 of the 885 list breaches reported the breach type to involve “theft” of all kinds, including laptops, other portable electronic devices, desktop computers, network servers, paper records and others, according to the law firm.

Topics

News

Survey: By 2019, 60% of Medicare Revenues will be Tied to Risk

Medical groups and health systems that are members of AMGA (the American Medical Group Association) expect that nearly 60 percent of their revenues from Medicare will be from risk-based products by 2019, according to the results from a recent survey.

83% of Physicians Have Experienced a Cyber Attack, Survey Finds

Eighty-three percent of physicians in a recent survey said that they have experienced some sort of cyber attack, such as phishing and viruses.

Community Data Sharing: Eight Recommendations From San Diego

A learning guide focuses on San Diego’s experience in building a community health information exchange and the realities of embarking on a broad community collaboration to achieve better data sharing.

HealthlinkNY’s Galanis to Step Down as CEO

Christina Galanis, who has served as president and CEO of HealthlinkNY for the past 13 years, will leave her position at the end of the year.

Email-Related Cyber Attacks a Top Concern for Providers

U.S. healthcare providers overwhelmingly rank email as the top source of a potential data breach, according to new research from email and data security company Mimecast and conducted by HIMSS Analytics.

Former Health IT Head in San Diego County Charged with Defrauding Provider out of $800K

The ex-health IT director at North County Health Services, a San Diego County-based healthcare service provider, has been charged with spearheading fraudulent operations that cost the organization $800,000.