Record-Breaking Year for Healthcare Data Breaches on the Cards

by | Apr 8, 2017

Indications are that 2017 will be another record breaking year for healthcare data violations. Results for the first quarter of 2017 show data breaches have risen, with rises in theft incidents, hacks and unauthorized disclosures.

Last year was a very bad year for healthcare data breaches. More data breaches were reported than in any other year since the Department of Health and Human Services’ Office for Civil Rights started releasing healthcare data breach summaries in 2009.

In 2016, 329 breaches of more than 500 records were made known to the Office for Civil Rights and 16,655,952 healthcare records were released or stolen.

By the end of Q1, 2016, 64 violations of more than 500 records had been reported to OCR and 3,529,759 had been exposed or stolen.

Between January 1, 2017 and March 31, 2017, OCR received 79 data breach reports from HIPAA covered bodies and business associates. Those breaches have lead to the theft or exposure of 1,713,591 healthcare records.

While fewer people have been affected by healthcare data breaches than in the same period last year, the number of reported breaches has increased by more than 23%.

Hacking incidents have risen by 26%, unauthorized access and disclosures have risen by 28%, and theft incidents have gone up by 30%. Incidents involving improper disposal of PHI have stayed the same and there has been little change in the number of reported loss incidents.

April has also started badly, with Ashland Women’s Health having identified a hacking incident that has lead to the exposure of 19,727 patient health records.

While hacking incidents have increased year on year, the biggest threat comes from inside organizations. Protenus says that in January, 59.2% of healthcare data breaches were caused by inside employees, with February’s healthcare data breach report indicating insiders were liable for 58% of violations.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy