Healthcare Data Breaches in April 2018

May 20, 2018


April was a specifically a bad month for healthcare data breaches with both the number of breaches and the number of people affected by breaches both considerably higher than in March.

There were 41 healthcare data breaches informed to the Division of Health and Human Services’ OCR in April. Those breaches led to the theft/exposure of 894,874 healthcare files.

Healthcare Data Breach Tendencies


For the past four months, the number of healthcare data breaches informed to OCR has risen month after month.

For the third successive month, the number of records disclosed in healthcare data breaches has risen.


Reasons for Healthcare Data Breaches in April 2018


The healthcare industry might be a big objective for hackers, but the biggest reason for healthcare data breaches in April was illegal access/disclosure occurrences. Although cybersecurity defenses have been improved to make it tougher for hackers to gain access to healthcare data, there is still the main problem stopping accidental data breaches by insiders and hateful acts by healthcare workers.


Biggest Healthcare Data Breaches in April 2018


Over half of the healthcare records disclosed in April were the outcome of a single safety incident at the California Department of Developmental Services. Robbers broke into California Department of Developmental Services offices, stole electronic equipment, and began a fire. Digital copies of PHI on the stolen equipment were encrypted and were therefore not revealed. Most of the PHI was in physical form and it doesn’t seem any paperwork was taken by the robbers.

Although hacking generally leads to the highest number of exposed/stolen files, in April the most serious breaches in terms of the number of people affected, were unauthorized access/disclosure occurrences. In April there were 11 major breaches involving the theft/exposure of more than 10,000 files.


Location of Breached PHI


Among the main reasons for healthcare breaches in April was phishing attacks. There were nine data breaches involving the hacking of electronic mail accounts in April. The high number of phishing attacks underlines the requirement for healthcare companies to invest in technology to avoid hateful electronic mails from being delivered to workers’ inboxes and to improve safety consciousness of the staff.


Data Breaches by Covered Unit


The majority of breaches in April were informed by healthcare suppliers, after that health plans and business associates. Although five breaches were informed by business associates, there was business associate participation in at least 11 occurrences in April.


Healthcare Data Breaches by State


California is the most populous state and often tops the list for healthcare data breaches, even though in April Illinois was the worst impacted state with 6 informed breaches. California was second worst with 5 breaches, after that Texas with 3 breaches.

Florida, Virginia, New Jersey, North Carolina, Minnesota, Maryland, Louisiana, Kansas, Iowa, and Wisconsin each has two breaches informed, while Pennsylvania, New York, Nebraska, Montana, Kentucky, Georgia, and Tennessee each had one reported breach in April.