Healthcare Data Breaches
We are going to be exploring and analyzing data from breach reports where a HHS investigation has been completed. You can access the data from the following link. http://asayanalytics.com/breach_archive-csv.
From the link you can see that every row is a different different entity with different information about the breach that occurred, including things such as how many people were affected, and what type of breach it was.
Healthcare Data Breaches by Year.
This shows the number of Breaches that occurred each year from 2009 up until 2018. This shows that the most number of breaches occurred in 2014, and the least number of breaches occurred in 2018.
The Top 25 Largest Healthcare Data Breaches
This table lists the top 25 entities that have had that largest healthcare data breaches. From the top of the list we can see that Anthem has the largest healthcare data breach which affected 78.8 million people.
| Name of Covered Entity | Individuals Affected |
|---|---|
| Anthem, Inc. Affiliated Covered Entity | 78800000 |
| Science Applications International Corporation (SA | 4900000 |
| Advocate Health and Hospitals Corporation, d/b/a Advocate Medical Group | 4029530 |
| 21st Century Oncology | 2213597 |
| Xerox State Healthcare, LLC | 2000000 |
| IBM | 1900000 |
| GRM Information Management Services | 1700000 |
| AvMed, Inc. | 1220000 |
| Montana Department of Public Health & Human Services | 1062509 |
| The Nemours Foundation | 1055489 |
| BlueCross BlueShield of Tennessee, Inc. | 1023209 |
| Sutter Medical Foundation | 943434 |
| Valley Anesthesiology Consultants, Inc. d/b/a Valley Anesthesiology and Pain Consultants | 882590 |
| Horizon Healthcare Services, Inc., doing business as Horizon Blue Cross Blue Shield of New Jersey, and its affiliates | 839711 |
| Iron Mountain Data Products, Inc. (now known as | 800000 |
| Utah Department of Technology Services | 780000 |
| AHMC Healthcare Inc. and affiliated Hospitals | 729000 |
| EISENHOWER MEDICAL CENTER | 514330 |
| Radiology Regional Center, PA | 483063 |
| Puerto Rico Department of Health - Triple S Management Corp. | 475000 |
| St Joseph Health System | 405000 |
| Spartanburg Regional Healthcare System | 400000 |
| Triple-S Salud, Inc. - Breach Case#2 | 398000 |
| Triple-S Salud, Inc. | 398000 |
| Community Health Plan of Washington | 381504 |
Total Healthcare Records Exposed by State for the Top 10 States
This shows that Indiana has the most number of exposed healthcare records, close to 80 million. Other states are under the 10 million mark for number of records exposed. 
Number of Healthcare Hacking Incidents by Month
From this we see that March, April, September and December seem to be the months that have to most hacking incidents. February and November have the least number of hacking incidents. 
Number of Breaches by Covered Entity
We can see that Healthcare Providers experience the most number of breaches while Healthcare Clearing Houses experience the least. 
Reported Breaches by Day of the Week
Most breaches are reported during the work week, especially on Friday’s. A small amount of the reports happen over the weekend.
The Five Companies who’ve Affected the Most Number of People
To see which companies have affected the most total number of individuals.
| Name of Covered Entity | Total affected |
|---|---|
| Anthem, Inc. Affiliated Covered Entity | 78800000 |
| Science Applications International Corporation (SA | 4900000 |
| Advocate Health and Hospitals Corporation, d/b/a Advocate Medical Group | 4029530 |
| 21st Century Oncology | 2213597 |
| Xerox State Healthcare, LLC | 2000000 |
Each Companies Total Number of Breaches. Who has the most?
When looking at this chart and comparing it to the visual above, we can see that although Anthem has affected the most people, it isn’t the company with the most amount of total breaches
| Name of Covered Entity | Total number of breaches |
|---|---|
| Unity Recovery Group, Inc.,Starting Point Detox LLC, Lakeside Treatment Center LLC, Changing Tides Transitional Living LLC, Unity Recovery Center, Inc | 150 |
| Silver Creek Fitness & Physical Therapy, Silver Creek Physical Therapy Gilroy, Silver Creek Physical Therapy Sunnyvale, Silver Creek Physical Therapy | 149 |
| Horizon Healthcare Services, Inc., doing business as Horizon Blue Cross Blue Shield of New Jersey, and its affiliates | 117 |
| Memorial Hermann Health System, reporting on behalf of Memorial Hermann Health System Employee Group Health Plan | 112 |
| North Carolina Department of Health and Human Services - Division of State Operated Health Care Facilities | 106 |
| Johns Hopkins University Applied Physics Laboratory (JHU/APL) Medical and Dental Insurance Plan | 95 |