Unfortunately, as promised, 2017 brought many challenges to properly protecting patient information in healthcare. We saw a record number of data breaches in 2016, with cybersecurity incidents on a fast and furious rise. In 2017, the trend continued, with many healthcare organizations being hit by different cybersecurity attacks that resulted in data breaches. On top of the increase in cybersecurity issues, many other causes of data breaches emerged. A total of 340 large data breaches (500+ individuals impacted) were reported in 2017, impacting 4,977,655 individuals!
Some key highlights from the 2017 HIPAA Data Breaches!
Healthcare providers continue to lead in the number of data breaches. This should come as no surprise as there are more healthcare providers than health plans and healthcare clearing houses in the United States. Of the 340 large data breaches:
- 274 were reported by covered entities (81%)
- 49 were reported from health plans (14%)
- 17 were reported from business associates (5%)
No healthcare clearing houses reported data breaches in 2017, which is interesting because they are also the only type of covered entity that was able to fully pass a HIPAA audit during the HIPAA audit program's pilot in 2012.
The total number of individuals impacted by large data breaches was 4,977,655, which is actually a decrease from 2016. The largest data breach of 2017 was due to an employee accessing information on approximately 697,800 individuals with no business reason to access the information. This definitely supports the need for continued employee education as well as auditing of access in electronic systems containing patient information. The Hacking/IT Incident category accounted for the largest number of individuals impacted, at 3,442,748. The one key item in this picture is that hacking continues to impact the largest number of individuals in healthcare data breaches. In 2017, 69% of the total individuals impacted were due to Hacking/IT Incidents.
Five (5) types of data breaches occurred in 2017, with Hacking/IT Incidents topping the list at 140 data breaches. Unauthorized Access/Disclosure came in a close second with 119 data breaches. Healthcare continues to see a downward trend in the theft and loss breach categories. Improper disposal came in last with only 11 data breaches (although this really should be 0)!