Most common types of healthcare data breaches
Data breaches of unsecured protected health information (PHI) at healthcare provider organizations, healthcare insurance plans, and their business associates are reported through the HIPAA Breach Notification Rule and the Secretary of Health and Human Services (HHS). The HHS Office for Civil Rights Breach Portal, sometimes referred to as the Wall of Shame, tracks healthcare data breaches that affect more than 500 records.
This Healthcare Insight reviews 2022 healthcare data breaches by their causes, sources of attack, and the number of health records affected.
What is the main cause of healthcare data breaches?
Of the 693 healthcare data breaches reported in 2022, more than three-quarters (78.5%) were due to hacking or IT incidents.
Hacking and IT incidents have consistently been the most common type of breach and the number of healthcare data hacking cases increases each year mainly due to ransomware attacks. Reports of unauthorized access/disclosure, theft, and loss cases have declined over the last few years.
Type of healthcare data breaches
What are the common sources of healthcare data breaches?
Network server breaches make up more than half (56.6%) of the healthcare data breaches in 2022, an increase from 26.2% of breaches in 2019. Email as the source of an attack decreased from 42.2% in 2019 to 22.9% in 2020.
Location of breached healthcare information
How many healthcare data breaches are there each year?
The number of healthcare data breaches continues to increase each year. In 2016 there were 329 reported breaches in healthcare while in 2021 there were 715 – or nearly two healthcare data breaches every day of the year.
There were about 500 or fewer healthcare data breaches each year prior to 2019. There have been more than 650 breaches reported each year since 2020.
As of January 2023, 2022 data breaches in healthcare were approaching 700. New incidents for the prior year will be reported through early 2023.
HHS reported healthcare data breaches by year
How many records are affected by healthcare data breaches?
The 693 healthcare data breaches in 2022 affected more than 51 million individual records. This is a slight decrease from the 54.1 million records from 715 breaches in 2021.
2015 had the highest number of total individuals affected over the last several years with more than 112 million records breached. A single health plan breach risked nearly 79 million records.
Total healthcare records affected by data breaches each year
How many healthcare records are breached on average?
2015 had the highest average due to the one large data breach. Between 2018 and 2022, about 65,600 records on average were affected by healthcare data breaches. In 2022, breaches affected about 74,000 records on average.
Average number of healthcare records breached each year
What types of organizations are targets for healthcare data breaches?
Healthcare providers consistently report the highest number of reported breaches, potentially due to the thousands of hospitals and outpatient facilities across the country (compared to less than 1,000 health insurance carriers) and their levels of adoption of healthcare data security systems.
In 2022, 70.3% of healthcare data breaches took place at healthcare provider organizations. On average, health plans account for 13% of breaches and business associates account for 11.3%.
Type of organization with healthcare breach by year
Healthcare Insights are developed with healthcare commercial intelligence from the Definitive Healthcare platform. Want even more insights? Start a free trial now and get access to the latest healthcare commercial intelligence on hospitals, physicians, and other healthcare providers.