Healthcare data is a prime target for hackers. Studies have shown that data breaches cost an average of $8 million for healthcare entities or about $400 per patient record. This emphasizes the need for good defenses and awareness to protect patient health information.
We are creating a report that analyzes at the past 10 years of data from the US Department of Health and Human Services Office for Civil Rights. (12/2009-11/2019) The purpose of the report is to give some insight into the risks and targets of data breaches. We will be releasing sections of the report in our three-times-a-week posts and finally the complete report in downloadable pdf form.
The first graph shows the number of individuals affected by data breaches (blue lines; millions scale on left) vs the number of incidents (orange lines; hundreds scale on right). The perspective of the scale is highly impacted by a single outlying event, which we will see in more detail below. Including this outlier makes some states appear to have zero affected individuals by comparison, but in fact, every state experienced data breaches and had affected individuals.
Next, we see the individuals impacted by state, again millions scale. Indiana is an extreme outlier, especially given its number of incidents, seen in the previous chart, is in line with the rest of the states. The large impact was caused by a single outlying event, the Anthem breach, reported in February 2015, which affected health records of nearly 80 million people. While this makes many states look like they have a minimal problem, most states fall in the 1-10 million range. The lowest number of breaches was in North Dakota where 17,515 individuals were affected.
This chart truncates the Indiana data to give a closer look at all of the other states. A few more states that are lower in population stand out as having higher than average number of individuals affected by breaches. MN, NC, TN, and WA have a higher number of individuals affected than TX, the second-ranked for overall incidents. These states have all had successful large scale breaches. Each state had a single breach affecting 4.5 million or more.
The total number of individuals affected by data breaches has totaled 233,370,887 according to what has been reported. Have you been affected by a breach? What more can you see from the data presented? What questions does it bring to mind?