The information used to create the following models was collected and reported by the US Department of Health and Human Services (HHS) in the Office for Civil Rights (OCR). By law the OCR must report cases where covered entities (CEs, the organizations responsible for protecting health information) have a breach that affects more than 500 individuals.
This table shows the total number of occurrences of each covered entity type of data breach reported by the US Department of Health and Human Services (HHS).
| Covered Entity Type | Count | Average Number of Individuals Affected | Standard Deviation of Individuals Affected | Median Number of Individuals Affected | Maximum Number of Individuals Affected |
|---|---|---|---|---|---|
| Business Associate | 285 | 59113.34 | 355502.239 | 3164.0 | 4900000 |
| Health Plan | 200 | 430357.68 | 5571383.408 | 2807.0 | 78800000 |
| Healthcare Clearing House | 4 | 4438.50 | 3904.057 | 3252.0 | 10000 |
| Healthcare Provider | 1220 | 17469.74 | 145014.318 | 1963.5 | 4029530 |
The information collected is from 2011 up until 2016.
This graph allows us to see that since this program was started there have been a substantial number of reported data breaches each year. On average there are about 200 breaches each year.
With the understanding that about 200 breaches occur yearly on
average, we can now look deeper into when the breaches occur throughout
the year, specifically by month.
As stated before, about 200 breaches occur each year on average; the graphic above shows the average for each month over the span of 5 years. There is no direct pattern as to the time of year when most breaches occur.
With an understanding of the year-to-year breakdown and the month-to-month
breakdown, we can now look into the weekday-by-weekday breakdown.
This graphic shows that, out of the total number of breaches on each day of the week, Friday has the most breaches compared to all other days of the week. This could be due in part to companies waiting until the end of the work week to submit their report of the data breach occurring.
While 200 data breaches a year may seem like a low number, it becomes much more apparent how many individuals have been affected by these breaches when reviewing the actual total counts of the largest recorded data breaches.
| Name of Covered Entity | Individuals Affected |
|---|---|
| Anthem, Inc. Affiliated Covered Entity | 78800000 |
| Science Applications International Corporation (SA | 4900000 |
| Advocate Health and Hospitals Corporation, d/b/a Advocate Medical Group | 4029530 |
| 21st Century Oncology | 2213597 |
| Xerox State Healthcare, LLC | 2000000 |
| IBM | 1900000 |
| GRM Information Management Services | 1700000 |
| AvMed, Inc. | 1220000 |
| Montana Department of Public Health & Human Services | 1062509 |
| The Nemours Foundation | 1055489 |
| BlueCross BlueShield of Tennessee, Inc. | 1023209 |
| Sutter Medical Foundation | 943434 |
| Valley Anesthesiology Consultants, Inc. d/b/a Valley Anesthesiology and Pain Consultants | 882590 |
| Horizon Healthcare Services, Inc., doing business as Horizon Blue Cross Blue Shield of New Jersey, and its affiliates | 839711 |
| Iron Mountain Data Products, Inc. (now known as | 800000 |
| Utah Department of Technology Services | 780000 |
| AHMC Healthcare Inc. and affiliated Hospitals | 729000 |
| EISENHOWER MEDICAL CENTER | 514330 |
| Radiology Regional Center, PA | 483063 |
| Puerto Rico Department of Health - Triple S Management Corp. | 475000 |
| St Joseph Health System | 405000 |
| Spartanburg Regional Healthcare System | 400000 |
| Triple-S Salud, Inc. - Breach Case#2 | 398000 |
| Triple-S Salud, Inc. | 398000 |
| Community Health Plan of Washington | 381504 |
With this table we can see that, out of the top 25 largest data breaches reported, the largest breach alone affected 78,800,000 individuals, while the smallest of the top 25 still affected 381,504 individuals. Even though there is a large gap between the largest breach and the rest, it is important to remember that over 200 of these data breaches are occurring each year.
With so many breaches occurring, it can be important to see where the most individuals are being affected. The following graphic shows the top 10 states with the most individuals affected.
An important note to make here about this graphic is that Indiana is showing the results from the Anthem Blue Cross breach. Because their headquarters is located in Indiana, the total number of individuals affected is represented by this state alone, when in reality individuals from across several states were affected by this data breach.
Understanding what this data represents, we can break the information about the breaches down by classification of the type of business or practice in which the data was lost.
| Covered Entity Type | Total |
|---|---|
| Business Associate | 285 |
| Health Plan | 200 |
| Healthcare Clearing House | 4 |
| Healthcare Provider | 1220 |
This table shows simply that the reported breaches can be split into one of four different business types: Business Associate, Health Plan, Healthcare Clearing House, or Healthcare Provider.
Let's take a look at specific entity types, such as Business Associate and Healthcare Provider. While we have the average number of breaches that occur each year, we can specifically look at which years had at least 50 breaches from a ‘Business Associate’ covered entity type and at least 150 breaches from a healthcare provider covered entity type.
| year |
|---|
| 2013 |
| 2014 |
This table is able to show that there are two years in which at least 50 reported breaches were from a ‘Business Associate’ covered entity type and at least 150 breaches were from a healthcare provider covered entity type with these years being 2013 and 2014.
To understand the types of data breaches, this report gives us access
to how each breach occurred. The following graphic can show us any
patterns related to the different types of breaches which occurred over
the recorded years.
From the graphic above we can see that breaches related to theft rose from 2009 to 2010 and have been in decline since then. Breaches related to access were on a constant rise until 2016 before dropping. Breaches related to disposal have always remained low. Breaches related to hacking slowly grew, with a spike in 2016, then decreased. Breaches related to loss have always remained low, with a slight growth in 2014. Breaches of the "other" type grew up until 2014 then dropped off, and finally breaches with an unknown type have always remained low.
With seven total possible types of breaches reported, we can use the collected data to see which state has the highest number of each breach type, including access, disposal, hacking, loss, other, theft, and unknown.
| State | Breach Type | Value |
|---|---|---|
| CA | theft | 114 |
| CA | loss | 16 |
| CA | access | 50 |
| CA | other | 14 |
| FL | unknown | 2 |
| NC | unknown | 2 |
| TX | hacking | 30 |
| TX | disposal | 9 |
With this table we are able to see the top state for each type of data breach:

- Hacking/IT Incident is Texas
- Theft is California
- Loss is California
- Access is California
- Disposal is Texas
- Unknown is North Carolina and Florida
- Other is California
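
The two queries described above (years that meet both entity-type minimums, and the top state per breach type with ties such as Florida and North Carolina kept) can be reproduced as follows. This is an added example, not the report author's code: the rows in `SAMPLE` are constructed rather than taken from the HHS data, and the function names are hypothetical.

```python
from collections import Counter, defaultdict

# Constructed sample, NOT the HHS data:
# (year, state, covered entity type, breach type, number of reports).
# Each row stands for n identical breach reports to keep the sample short.
SAMPLE = [
    (2012, "CA", "Business Associate", "theft", 40),
    (2012, "TX", "Healthcare Provider", "hacking", 160),
    (2013, "CA", "Business Associate", "theft", 55),
    (2013, "TX", "Healthcare Provider", "hacking", 150),
    (2014, "CA", "Healthcare Provider", "theft", 170),
    (2014, "FL", "Business Associate", "unknown", 2),
    (2014, "NC", "Business Associate", "unknown", 2),
    (2014, "TX", "Business Associate", "disposal", 60),
    (2015, "CA", "Healthcare Provider", "access", 140),
    (2015, "TX", "Business Associate", "hacking", 70),
]

def years_meeting(rows, minimums):
    """Years in which every entity type in `minimums` reaches its minimum count."""
    per_year = defaultdict(Counter)
    for year, _state, entity, _btype, n in rows:
        per_year[year][entity] += n
    # A year qualifies only if ALL minimums hold (>= includes the boundary).
    return sorted(y for y, c in per_year.items()
                  if all(c[e] >= m for e, m in minimums.items()))

def top_states(rows):
    """For each breach type: (every state tied for the highest count, that count)."""
    counts = defaultdict(Counter)
    for _year, state, _entity, btype, n in rows:
        counts[btype][state] += n
    result = {}
    for btype, by_state in counts.items():
        best = max(by_state.values())
        # Keep all states that share the maximum instead of picking one arbitrarily.
        tied = sorted(s for s, v in by_state.items() if v == best)
        result[btype] = (tied, best)
    return result

if __name__ == "__main__":
    print(years_meeting(SAMPLE, {"Business Associate": 50, "Healthcare Provider": 150}))
    for btype, (states, value) in sorted(top_states(SAMPLE).items()):
        print(btype, states, value)
```
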
We can investigate a combination of all the different breach types
and the number of individuals affected by year and see where the most
breaches of each type occurred over the years and the number of
individuals affected.
With this graphic we can see that in 2009 other was the largest breach type, 2010 was theft, 2011 was loss, 2012 was theft, 2013 was theft, 2014 was access, 2015 was hacking, 2016 was hacking and 2017 was hacking. Something to note is this graphic clearly shows that the largest breach on record was in 2015 and was a hacking breach.