January 12, 2017
Protenus recently collaborated with DataBreaches.net to publish the “Breach Barometer Report: Year in Review.”
Here are eight additional findings from the analysis.
1. There were 450 total breach incidents in 2016. The analysis is based on 450 incidents either reported to HHS or disclosed to the media throughout the year. Information was available for 380 of the incidents.
2. More than 27 million patient records were breached in 2016. The breaches resulted in 27,314,647 affected patient records.
3. Insiders caused 43 percent of the data breach incidents. Insiders — including employees stealing patient information or snooping in patient files — were the cause of 192 incidents. Ninety-nine incidents were due to insider error or accident, and 91 were due to insider wrongdoing.
4. Hacking and ransomware were responsible for 26.8 percent of the breaches. Hacking and ransomware caused 120 breach incidents in 2016. The 120 includes 30 ransomware incidents and 10 incidents that involved ransom or extortion demands but not ransomware.
5. Of the entities that reported breaches, 80.6 percent were healthcare providers. Approximately 356 breach incidents involved healthcare providers. Another 45 incidents involved health plans.
6. It took the average entity 607 days to discover breaches caused by insider wrongdoing. On a wider scale, it took the average entity 233 days to discover it had experienced a breach.
7. It took the average entity 344 days to report a breach to HHS. HHS requires entities to report breaches within 60 days of discovery, and only 86 entities reported their breach to HHS within that timeframe.
8. Breach incidents affected 47 states. However, Protenus and DataBreaches.net only had location information available for 443 of the total incidents. California reported the most breaches — 73 — while Idaho, North Dakota and Vermont did not disclose any breaches.