We are currently working on a healthcare data breach report, visualizing and analyzing reported incidents from the last ten years. This is the second installment of our data breach report. We will keep releasing portions of the report as we make new discoveries.

Breaches come in all sizes, from a stolen laptop to a database break-in. We can see this in the report data. The scatter chart below plots the number of breaches against the number of individuals affected. It shows the difference between one successful large breach, as happened in Indiana, and many smaller breaches that each yield fewer individual records, as Texas represents.

Scatter Chart: Number of Incidents versus Number of People Impacted

In another view of breaches vs. individuals affected, the following chart shows the average number of individuals affected per incident. Here Texas appears to have a near-average number compared with the other states, while Indiana has the highest.

Ratio of Individuals to Incidents by State

Indiana has the distinction of being the state with a far greater number of individuals affected by data breaches than the other states. While its number of breaches is higher than average, that number is not anomalous in the way the number of individuals affected is. This can be attributed to a data breach at the insurer Anthem. A subsidiary experienced a spear-phishing attack through email. This breach was highly effective. Between December 2, 2014, and January 27, 2015, hackers stole 79 million patient health records.

Indiana Data Breaches: Incidents and Individuals Affected

Texas has a large number of incidents but relatively few individuals affected compared to the rest of the states. This could indicate more knob-turning-style hacking, where the bad actor tries to get into random places. Such attempts typically succeed due to lax security efforts. Many of the breaches resulted from stolen laptops, several of which contained thousands of patient health records.

Texas Data Breaches: Incidents and Individuals Affected

Data breaches can have a wide range of impacts, as seen in these charts. There are some things the data cannot tell us. We cannot know what incidents have not been reported. We cannot know if any of the data was accessed and used for illegal purposes. Stay tuned for further insights and observations. Please feel welcome to send us any questions.