Healthcare Data Breaches Up 70 Percent Since 2010

by Chris Brook on Thursday October 4, 2018

Contact Us
Free Demo
Chat

Research recently carried out by the Center for Quantitative Health at Massachusetts General Hospital found there have been 2,149 healthcare breaches, impacting 176.4 million patient records, since 2010.

It's been established at this point that both the cost and the sheer number of healthcare data breaches have increased over the last several years but now, thanks to recent academic research, we have some numbers around the growth.

A study published in the Journal of the American Medical Association last week puts the number of records breached each year around 176 million, a figure that correlates to about 344 breaches a year. That’s a 70 percent increase from seven years ago.

Researchers at the Massachusetts General Hospital Center for Quantitative Health carried out the research, poring over 2,000+ data breaches reported to the Department of Health and Human Services from 2010 to 2017.

The number of breaches - 2,149 - affected 176.4 million records over that span.

According to the study, “Temporal Trends and Characteristics of Reportable Health Data Breaches, 2010-2017,” over the last seven years, 75 percent of the records the researchers looked were either breached, lost, or stolen. The Office for Civil Rights (OCR) traditionally categorizes records in this field as being breached by a "hacking or IT incident."

The report points out that while yes, doctor's offices and healthcare providers are usually hit by breaches, the most healthcare records are lost by large health plans; 110.4 million over the seven-year period. It's probably safe to say 2015's breach at Anthem, which saw 79 million records compromised after a subsidiary was phished in 2014, moved the needle significantly here.

Overall, the number of healthcare breaches seems poised to rise this year. An August report via Protenus, a healthcare data analytics company, said there were 142 healthcare breaches in the second quarter of 2018, a number that if extrapolated, suggests we could push 600 healthcare breaches this year.

Despite these jarring numbers, recent reports suggest looking ahead the number of actual breached records may decrease this year. There were reportedly only 1.13 million records exposed in Q1 this year and 3.14 million in Q2, suggesting numbers if stretched out across the year, would fall well short of 132 million records.

“Although networked digital health records have the potential to improve clinical care and facilitate learning [in] health systems, they also have the potential for harm to vast numbers of patients at once if data security is not improved,” the authors of the paper, Thomas H. McCoy Jr., M.D., and Roy H. Perlis, M.D., M.Sc., wrote.

For the healthcare industry the statistics reaffirm the importance of having a data protection program in place, not only to comply with HIPAA but to ensure that sensitive health data is classified, encrypted, and monitored.

Tags: Industry Insights, Healthcare

Recommended Resources


  • Best practices for managing DLP in healthcare
  • Overview of vendors' strengths and weaknesses
  • Top use-cases for DLP in healthcare
  • Top InfoSec concerns for healthcare professionals
  • How to protect sensitive data with DLP
  • Advice from security experts and analysts

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.