Comparison of Healthcare Data Breaches From 2015 to 2017

This article compares the largest healthcare data breaches from 2015 to 2017. The past two years were record-breaking with respect to healthcare data breaches. What about 2017?

The healthcare industry had a bad year on 2015. It records the largest healthcare data breaches ever. Anthem Inc. had a massive data breach impacting 78.8 million records in just one cyberattack. Two other healthcare data breaches impacted 10 million or more records. The total number of individuals that were impacted by breaches was 112,107,579 individuals.

It was a better for the healthcare industry in 2016. There were no mega data breaches but there was an increase in the number of breaches reported by HIPAA-covered entities and business associates. Three breaches impacted over one million people and 14 breaches impacted 100,000 patient records. The total number of individuals that were impacted by breaches was only 14,679,461.

For 2017, fortunately, there were no mega breaches as what happened in 2015. Only one data breach impacted over 500,000 individuals and 8 breaches impacted over 100,000 individuals. The total number of individuals that were impacted by breaches in 2017 is not yet calculated. According to the HIPAA Breach Notification Rules, covered entities still have up to 60 days after the end of 2017 to report data braches that impacted more than 500 persons. So, the deadline to submit data breach reports in on March 1, 2018. However, the current data show there were 3,286,498 people impacted by data breaches in 2017.

The reduction in the severity of breaches is good news as well as the fairly consistent numbers of breaches of over 10,000 records year on year (from 2015 to 2017, the numbers of breaches were 52, 82 and 78, respectively). The bad news is the significant increase in the number of incidents. 2015 had 270 breaches; 2016 had 327 breaches. 2017 had 342 breaches, which is listed on the OCR breach portal as of January 4, 2018. More will likely be added until March 1, 2018.

It is unlikely that the number of healthcare data breaches will go down in 2018. Cybersecurity firms even predict that the number of incidents will continue to go up.

About Christine Garcia 1304 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at