Start Your FREE Membership NOW
 Discover Proven Ways to Be a Better Medical Office Manager
 Get Our Daily eNewsletter, MOMAlert, and MUCH MORE
 Absolutely NO Risk or Obligation on Your Part -- It's FREE!

Upgrade to Premium Membership NOW for Just $90!
Get 3 Months of Full Premium Membership Access
Includes Our Monthly Newsletter, Office Toolbox, Policy Center, and Archives
Plus, You Get FREE Webinars, and MUCH MORE!

HIPAA data breaches in 2017: Another record breaking year!

By Danika Brinda  bio

Unfortunately as promised, 2017 brought many challenges to properly protecting patient information in healthcare. We saw a record number of data breaches in 2016 with cybersecurity being on a fast and furious rise. In 2017, the trend continued with many healthcare organizations being hit with different cybersecurity attacks, resulting in data breaches. However, on top of the increase in cybersecurity issues, many other reasons for data breaches emerged. A total of 340 large data breaches (500+ individuals impacted) were reported in 2017 impacting 4,977,655 individuals!

Some key highlights from the 2017 HIPAA data breaches

Healthcare providers continue to lead in the number of data breaches. This should come as no surprise as there are more healthcare providers than health plans and healthcare clearing houses in the United States. Of the 340 large data breaches:

  • 274 were reported by covered entities (81%)
  • 49 were reported from health plans (14%)
  • 17 were reported from business associates (5%)

No healthcare clearing houses reported data breaches in 2017—which is interesting as they are also the only type of covered entity that was able to fully pass a HIPAA audit during the HIPAA audit program’s pilot program in 2012.

The total number of individuals impacted by large data breaches was 4,977,655, which is actually a decrease from 2016. The largest data breach of 2017 was due to an employee accessing information on approximately 697,800 individuals with no business reason to access the information. This definitely supports the need for continued employee education as well as auditing of access in electronic systems containing patient information.

Hacking/IT incidents

The category of Hacking/IT Incident was the biggest impact to the number of individual impacted at 3,442,748. The one key item in this picture is that hacking continues to impact the largest number of individuals with healthcare data breaches. In 2017, 69% of the total individuals impacting were due to Hacking/IT Incidents.

Five (5) types of data breaches occurred in 2017 with Hacking/IT Incidents topping the list with 140 data breaches. Unauthorized Access/Disclosure came in a close second with 119 data breaches. Healthcare continues to see a downward trend in the theft and loss breaches categories. Improper disposal came in last with only 11 data breaches (although this really should be 0)!

As usual, data breaches by location are all over the board. E-mail and network server topped the 2017 list of data breach locations, with paper coming in a close third. We must not forget to protect paper and films and properly destroy!

Business associates involvement

The last analysis is how did the business associates involvement play out in 2017. Of the 340 large data breaches reported, 18 were reported that a business associate was involved in the data breach!

Around the country

Other fun HIPAA Data Breach Facts from 2017:

  • Top State for Data Breaches by Count – Texas (32 Large Data Breaches)
  • Top State for Data Breach by Individuals Impacted – Kentucky (768,648)
  • Hawaii, New Mexico, Wyoming, and Idaho had no large data breaches reported in 2017


So, now that we are off and running in 2018, if you don’t have your HIPAA compliance in order, now is the time to start! Don’t know where to start? The best place is to complete a complete HIPAA Privacy and Security Risk Analysis to know the areas where you do not have adequate safeguards or processes in place to help protected the confidentiality and security of patient information. This also helps to create a work plan for getting compliant.

Cheers to a great 2018!

Editor’s picks:

HIPAA extends to gossip as well as to searching out dirt on an ex-spouse

5 essential steps to ensure an effective HIPAA program

Texas health system settles potential HIPAA disclosure violations









Try Premium Membership