About 30.1M Patients Affected by Health Data Breaches Since 2009

The personal data of about 30.1 million people have been affected by the 944 recorded major health data breaches since federal reporting requirements under the 2009 economic stimulus package went into effect, according to an analysis of HHS data, the Washington Post's "Wonkblog" reports. 

HHS defines a major data breach as one affecting at least 500 people.

According to a "Wonkblog" analysis of the data, the types of reported data breaches include:

  • Medical record theft, which has affected 17.4 million individuals;
  • Data loss, which has affected 7.2 million individuals;
  • Hacking, which has affected 3.6 million individuals; and
  • Unauthorized access accounts, which has affected 1.9 million individuals.

The analysis did not include the recent Community Health Systems data breach, which affected 4.5 million patients, according to "Wonkblog."

In addition, HHS data show a number of smaller-scale breaches, or those affecting less than 500 individuals.

For example, HHS in 2012 received 21,194 reports of smaller breaches that affected a total of 165,135 individuals.

Overall, data breaches cost the industry $5.6 billion per year, according to a Ponenom Institute report (Millman, "Wonkblog," Washington Post, 8/19).

Health Care CIOs Boost Data Protection, Communication in Wake of Data Breaches

In response to recent high-profile data breaches, some health care CIOs are altering the way their organizations approach cybersecurity, the Wall Street Journal's "CIO Journal" reports.

Specifically, CIOs said they are:

  • Hiring new, security-focused staff;
  • Implementing new security processes;
  • Installing new security software; and
  • Meeting with their boards more consistently.

Further, some CIOs said they are trying to protect against data breaches through internal training programs that aim to help staff recognize potential threats (Boulton, "CIO Journal," Wall Street Journal, 8/19).

Hackers Leverage Heartbleed To Access CHS Data

In related news, the hackers who stole the personal data of about 4.5 million CHS patients were able to access the information through the "Heartbleed" Internet bug, according to a data security expert, Reuters reports (Finkle/Kurane, Reuters, 8/20).

CHS discovered the breach last month and believes the cyberattack occurred in April and June.

The incident is the second largest HIPAA breach ever reported and the largest hacking-related HIPAA data breach ever reported, according to data from the Office for Civil Rights (iHealthBeat, 8/18).