Healthcare Data Breaches Increased by 70% From 2010 to 2017


Healthcare data breaches increased by 70% from 2010 to 2017, according to a study conducted by two doctors at the Massachusetts General Hospital Center for Quantitative Health. The study, published in the Journal of the American Medical Association on September 25, reviewed 2,149 healthcare data breaches that were reported to the Department of Health and Human Services’ Office for Civil Rights from 2010 to 2017. It was designed to better understand the possible downsides for patients of the risk of data disclosure.

The number of healthcare data breaches increased every year except 2015, from just 199 breaches in 2010 to 344 breaches in 2017. Those breaches resulted in 176.4 million healthcare records being lost, stolen, exposed or impermissibly disclosed. Hacking or IT incidents accounted for 75% of the breached records.

Hacking and IT incidents have kept increasing every year. Theft, on the other hand, which was the top cause of healthcare data breaches in 2010, dropped by two thirds. This is because healthcare organizations shifted to using electronic health records and to encrypting data saved on portable electronic devices.

In 2010, laptop computers were the most frequent location of breached health data. Next were paper documents and films. In 2017, network servers and email were the most frequent locations of breached health data because of hackers.

The study included healthcare providers, business associates of HIPAA covered entities and health plans. Healthcare providers suffered 70% of the breaches. Health plans experienced only 13% of the data breaches, but those breaches resulted in more exposed records: about 63% of all breached records from 2010 to 2017 involved health plans. More breaches occur in physicians’ offices (healthcare providers), but more records are lost by large insurance firms.

Over half of the health records exposed from 2010 to 2017 came from three health plan data breaches, which resulted in the theft of 99.8 million records:

  • Anthem Inc. – 78.8 million record breach
  • Premera Blue Cross – 11 million record breach
  • Excellus Blue Cross Blue Shield – 10 million record breach

The 410 healthcare data breaches that involved network servers from 2010 to 2017 affected roughly 140 million patients. The 510 breaches that involved paper/film records affected 3.4 million patients. Working with big data is a big responsibility. Health plans, health systems, doctors and patients should work together to improve patient care.