In the month of October 2017, twenty seven healthcare data breaches informed to the Division of Health and Human Services’ OCR. Those data breaches led to the exposure/theft of 71,377 plan member and patient files. October saw a substantial drop in the number of reported breaches compared to September, and a substantial drop in the number of files revealed.
October saw a substantial drop in the quantity of infringed files, with the monthly total nearly 85% lesser than September and nearly 88% lesser than the average quantity of files opened over the previous 3 months.
Healthcare suppliers were the worst hit in October with 19 informed data breaches. There were 6 data breaches informed by health policies and at least 2 cases involved BAs of HIPAA-covered units.
Main Reasons for October 2017 Healthcare Information Breaches
Illegal disclosures/access were the main reasons for healthcare data breaches in October. There were 14 breaches informed involving illegal disclosures/access, 8 hacking cases, four incidents of thievery, and one unencrypted laptop was misplaced.
Illegal disclosures/access were the top reasons of October 2017 healthcare data breaches, even though IT/hacking cases revealed more files – more than two times the quantity of files disclosed by illegal disclosures/access and IT/hacking cases disclosed more files than all other breaches types combined.
Place of Stolen and Exposed PHI
Email was the most usual place of opened PHI in October. Five out of the nine cases involving electronic mail were the consequence of IT/hacking cases like phishing. The leftover four cases were illegal disclosures/access like healthcare workers sending electronic mail having PHI to mistaken receivers. Five cases involved paper proofs, underscoring the significance of getting actual records and automated shielded health information.
October 2017 Healthcare Data Breaches State wise
In October, healthcare companies centered in 22 states informed data breaches. The state that suffered the most data breaches was Florida, with 3 informed breaches. New York, Massachusetts, and Maryland each had two breaches.
Washington, Virginia, Texas, Tennessee, Rhode Island, Ohio, North Carolina, Arizona, Louisiana, Kentucky, Kansas, Illinois, Iowa, Georgia, Connecticut, California, and Alabama, each had one reported breach.
Biggest Healthcare Data Breaches in October 2017
|Breached Unit||Unit Type||Breach Type||People Affected|
|Chase Brexton Health Care||Healthcare Provider||IT/Hacking Incident||16,562|
|East Central Kansas Area Organization on Aging||BA||IT/Hacking Incident||8,750|
|Brevard Doctor Companions||Healthcare Supplier||Thievery||7,976|
|MHC Coalition for Wellness and Health||Healthcare Supplier||Thievery||5,806|
|Catholic Aids of the Diocese of Albany||Healthcare Supplier||IT/Hacking Case||4,624|
|Orthopedics NY, LLP||Healthcare Supplier||Disclosure/Unauthorized Access||2,493|
|Mann-Grandstaff VA Medical Center||Healthcare Supplier||Thievery||1,915|
|Arch City Dental, LLC||Healthcare Supplier||Disclosure/Illegal Access||1,716|
|John Hancock Life Insurance Company (U.S.A.)||Health Plan||Disclosure/ Illegal Access||1,715|