Health Data Breach Tally: Trends in 2019

As of early December, the HHS “Wall of Shame” shows that 462 major health data breaches affecting a total of nearly 41 million individuals have been logged in 2019.

By the numbers:

• 272 breaches were reported as hacking/IT incidents, affecting a total of nearly 36 million people, accounting for approximately 88 percent of people affected by breaches.

• 136 breaches were reported as “unauthorized access/disclosure” breaches, affecting a total of 4.6 million individuals, or about 11 percent.

• 30 breaches were reported as “loss” or “theft” of unencrypted computing devices, impacting about 266,000 individuals, or less than 1 percent.

• 108 breaches were reported as having a business associate “present.” Those BA breaches affected nearly 24.8 million individuals, or about 60 percent of the total impacted.

Bigger Picture Trends
In the ten years since HHS’ began keeping a public tally of major breaches involving PHI, 3,015 breaches affecting over 230 million people have been posted.

Hacking/IT incidents have affected the most people with 859 reported breaches exposing records for 182 million individuals, or nearly 80 percent of all breach victims.

634 incidents affecting a total of 64.5 million individuals were reported as having a BA “present.”

One of the biggest shifts in recent years is the rise of hacking and ransomware with a drop in the impact of health data breaches involving lost or stolen unencrypted devices. The overall volume of breaches continues to rise year over year.

The increase in business associate breaches should also serve as a reminder to vet BAs carefully. Ask for evidence of compliance and ensure their workforce education includes robust training on phishing and ransomware.

If you have questions on how to keep your organization up to date with IT security, call ITPAC today.