Breaches by the Numbers September 2019

October 10, 2019 / HIPAA, HIPAA/BA SERVICES

The Department of Health and Human Services Office for Civil Rights (OCR), has reported a staggering increase since this time last year of all forms of breaches of patient PHI.

Note: These figures do not include any 2019 breaches that involved fewer than 500 individuals. A covered entity must notify the Secretary of a PHI breach affecting fewer than 500 individuals within 60 days of the end of the calendar year in which the breach occurred.

There are many reasons for the increase, such as:

  • The current onslaught of ransomware attacks
  • Increased awareness and monitoring by healthcare entities and their business associates.

The table below compares the first eight months of 2018 to the first eight months of 2019.

2018 Jan-Aug2019 Jan- Aug2019 % increase
Number of individuals affected4,680,93737,104,905693%
Number of reports117312167%
Covered Entities97282191%
Business Associates2373217%
Type of breach
Hacking/IT incident59190222%
Improper media/equipment disposal3433%
Loss or theft193584%
# unauthorized access/disclosure3683131%
Method of breach
Desktop computer152567%
Paper or Film1434143%
Laptops & other devices223873%
Network servers1879339%
Back to TMC Blog Gallery