HIPAA-covered entities that experience a breach affecting more than 500 individuals are required to report the incident to OCR and earn a spot on the portal, commonly referred to as the “wall of shame.” The portal has been collecting data since 2009.
Of the breaches reported to OCR since the start of 2018, 91 are listed as hacking or IT incidents (affecting 4.3 million individuals), 91 are listed as unauthorized access or disclosure breaches (affecting 803,000 individuals), 41 are listed as theft or loss (affecting 677,000 individuals, 13 of which involved paper or film records), six are listed as improper disposal (affecting 330,000 individuals), and the remainder involved unencrypted computing devices (affecting 80,000 individuals).
Here are the five largest healthcare data breaches reported so far in 2018:
1. West Des Moines, Iowa-based UnityPoint Health: 1,421,107 individuals affected in a hacking/IT incident
2. California Department of Developmental Services: 582,174 individuals affected in a theft incident
3. Bartlett, Tenn.-based MSK Group: 566,236 individuals affected in a hacking/IT incident
4. Baltimore-based LifeBridge Health: 538,127 individuals affected in a hacking/IT incident
5. SSM Health St. Mary’s Hospital-Jefferson City (Mo.): 301,000 individuals affected in an improper disposal incident
More articles on cybersecurity:
Homeland Security issues alerts for some Philips medical devices
Georgia university risks health, personal information of 417K in breach from 1 year ago
Most medical device cybersecurity issues attributed to user authentication, report finds