Healthcare Suffers Most HITECH Act Breaches Ever in 2018

HIP/SA Analysis Shows Better Physical Security but Greater Need for Cybersecurity in Healthcare

“The OCR data showed the need for better cybersecurity and how healthcare is doing a better job of physically protecting PHI. Loss and theft accounted for 104 breaches in 2015 compared to 55 in 2018.”
— Dennis Melamed, editor of HIP/SA

ALEXANDRIA, VA, US, January 28, 2019 -- Healthcare organizations suffered the most major breaches under the HITECH Act in 2018 since the program began in 2009, according to the latest analysis by the independent newsletter, Health Information Privacy/Security Alert (HIP/SA). The 363 breaches affected more than 13.2 million patients.

The number of patients affected annually varies widely from year to year, according to the HIP/SA analysis. In 2017, the industry suffered 359 breaches affecting 5.1 million patients compared to 327 breaches affecting 16.6 million patients in 2016, the analysis found.

However, the largest number of patients was affected by breaches reported in 2015, when 192 million patients were affected. That year included the Anthem, Inc. breach, which affected 78.8 million patients, the Premera Blue Cross breach affecting 11 million patients and the Excellus Health Plan, Inc. breach affecting 10 million patients. All three breaches involved the hacking of network servers.

Business Associates (BA) also suffered the largest number of breaches in 2018 with 84 affecting 5.8 million patients. The largest number of patients were affected by BA breaches in 2014 when 8.9 million patients were affected by hacks. Almost half of the patients were affected by the hacking of the Community Health Systems Professional Services Corp. network, which affected 4.5 million patients.

Since 2015, hacking incidents have steadily grown in number. In 2015, hacking accounted for 56 breaches and rose to 157 in 2018. The number of patients affected by hacking varied widely. For example, in 2018, 9.1 million patients were affected by hacking incidents while 3.5 million were affected in 2017.

“The OCR data showed the need for better cybersecurity and how healthcare is doing a better job of physically protecting PHI,” observed Dennis Melamed, editor of HIP/SA. “For example, loss and theft of patient data accounted for 104 breaches in 2015 compared to 55 in 2018.”

Under the HITECH Act, healthcare entities must report breaches affecting 500 or more patients to the HHS Office for Civil Rights, where summaries of the incidents are published for public inspection. Of the 2,550 major breaches reported since the program began in September 2009, approximately 38 affected the minimum 500 patients. Approximately 650 breaches affected fewer than 1,000 patients.

A fuller analysis is available in the January issue of HIP/SA.


Since 1997, Melamedia, LLC has published Health Information Privacy/Security Alert, the healthcare industry's oldest independent publication devoted to the issues related to the confidentiality and security of health and medical data.

Katalin Sugar
+1 703-704-5665
