Looking back at 2014, it has brought a lot of concern and fear with the effective management of protected health information managed by healthcare organizations and business associates. It has also been a memorable year for healthcare data breaches. In 2014, healthcare organizations and business associates reported 301 large data breaches (data breach that impacts more than 500 people) – an increase from the 226 large data breaches reported in 2013. With a 33% increase in large data breaches in 2014, it will also be known for the year the FBI warned healthcare organizations that they are at high risk for data breaches due to the lack of security measures and oversight of the protection of the data.
2014 Data Breach Facts
- 88 of the 301 Data Breaches had business associates involved
- 48.6% of the breaches were caused by theft
- 21.6% of data that was breached was stored on paper
- 11,506,782 people were impacted by data breaches
- 10% of data breaches were caused by Hacking/IT Incidents
- 7 States didn’t report any data breaches (MT, ND, HI, RI, VT, WV, ME)
- $7,940,220 was collected in HIPAA fines by the Office of Civil Rights
- 40 – Largest number of data breaches in one state (California)
- 4,932,154 – Largest number of people impacted in one state (Tennessee)
- 18 Data Breaches suffered by one covered entity (Oregon Health Insurance Exchange)
Data Breaches by State in 2014
| State | Number of Data Breaches | People Impacted |
| Alaska | 1 | 2,743 |
| Alabama | 3 | 55,466 |
| Arkansas | 3 | 10,713 |
| Arizona | 4 | 109,828 |
| California | 40 | 1,055,254 |
| Colorado | 6 | 41,096 |
| Connecticut | 3 | 7,390 |
| Delaware | 1 | 1,667 |
| Florida | 29 | 216,210 |
| Georgia | 10 | 365,793 |
| Iowa | 4 | 7,087 |
| Idaho | 1 | 6,900 |
| Illinois | 14 | 67,059 |
| Indiana | 11 | 268,208 |
| Kansas | 3 | 18,894 |
| Kentucky | 6 | 10,005 |
| Louisiana | 3 | 17,051 |
| Massachusetts | 12 | 62,189 |
| Maryland | 4 | 259,533 |
| Michigan | 4 | 11,688 |
| Minnesota | 5 | 25,446 |
| Missouri | 6 | 49,895 |
| Mississippi | 2 | 4,250 |
| North Carolina | 6 | 27,726 |
| Nebraska | 1 | 2,125 |
| New Hampshire | 2 | 1,979 |
| New Jersey | 5 | 76,314 |
| New Mexico | 3 | 4,040 |
| Nevada | 1 | 800 |
| New York | 19 | 247,268 |
| Ohio | 12 | 49,532 |
| Oklahoma | 1 | 6,000 |
| Oregon | 4 | 6,721 |
| Pennsylvania | 10 | 39,902 |
| South Carolina | 3 | 270,978 |
| South Dakota | 1 | 620 |
| Tennessee | 8 | 4,932,154 |
| Texas | 28 | 2,272,685 |
| Utah | 3 | 796,132 |
| Virginia | 8 | 22,688 |
| Washington | 6 | 22,771 |
| Wisconsin | 1 | 2,400 |
| Wyoming | 1 | 2,700 |
With 2015 looking to be another eventful year of HIPAA data breaches and HIPAA enforcement, healthcare organizations need to assure they are evaluating and implementing effective HIPAA oversight and governance programs. It is essential that no matter what the size of the organization – large or small – protection of the privacy and security of patient information needs to be a front leader in the 2015 strategies.
Information Retrieved from http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
Danika