October 2017 Healthcare Data Breaches

In the month of October 2017, twenty seven healthcare data breaches informed to the Division of Health and Human Services’ OCR. Those data breaches led to the exposure/theft of 71,377 plan member and patient files. October saw a substantial drop in the number of reported breaches compared to September, and a substantial drop in the number of files revealed.


October saw a substantial drop in the quantity of infringed files, with the monthly total nearly 85% lesser than September and nearly 88% lesser than the average quantity of files opened over the previous 3 months.


Healthcare suppliers were the worst hit in October with 19 informed data breaches. There were 6 data breaches informed by health policies and at least 2 cases involved BAs of HIPAA-covered units.

Main Reasons for October 2017 Healthcare Information Breaches

Illegal disclosures/access were the main reasons for healthcare data breaches in October. There were 14 breaches informed involving illegal disclosures/access, 8 hacking cases, four incidents of thievery, and one unencrypted laptop was misplaced.


Illegal disclosures/access were the top reasons of October 2017 healthcare data breaches, even though IT/hacking cases revealed more files – more than two times the quantity of files disclosed by illegal disclosures/access and IT/hacking cases disclosed more files than all other breaches types combined.


Place of Stolen and Exposed PHI

Email was the most usual place of opened PHI in October. Five out of the nine cases involving electronic mail were the consequence of IT/hacking cases like phishing. The leftover four cases were illegal disclosures/access like healthcare workers sending electronic mail having PHI to mistaken receivers. Five cases involved paper proofs, underscoring the significance of getting actual records and automated shielded health information.

October 2017 Healthcare Data Breaches State wise

In October, healthcare companies centered in 22 states informed data breaches. The state that suffered the most data breaches was Florida, with 3 informed breaches. New York, Massachusetts, and Maryland each had two breaches.

Washington, Virginia, Texas, Tennessee, Rhode Island, Ohio, North Carolina, Arizona, Louisiana, Kentucky, Kansas, Illinois, Iowa, Georgia, Connecticut, California, and Alabama, each had one reported breach.

Biggest Healthcare Data Breaches in October 2017


Breached Unit Unit Type Breach Type People Affected
Chase Brexton Health Care Healthcare Provider IT/Hacking Incident 16,562
East Central Kansas Area Organization on Aging BA IT/Hacking Incident 8,750
Brevard Doctor Companions Healthcare Supplier Thievery 7,976
MHC Coalition for Wellness and Health Healthcare Supplier Thievery 5,806
Catholic Aids of the Diocese of Albany Healthcare Supplier IT/Hacking Case 4,624
Orthopedics NY, LLP Healthcare Supplier Disclosure/Unauthorized Access 2,493
Mann-Grandstaff VA Medical Center Healthcare Supplier Thievery 1,915
Arch City Dental, LLC Healthcare Supplier Disclosure/Illegal Access 1,716
John Hancock Life Insurance Company (U.S.A.) Health Plan Disclosure/ Illegal Access 1,715