This month’s data regarding breaches of protected health information reinforces the need for health data security to be a top priority.  With an average of almost 2 breaches per day, November has seen a record number of breach incidents, the highest of any month in 2016.  What’s even more concerning is that employees (insiders) are responsible for more than half of this month’s breaches to patient data, a notable increase from past months.

Each month in 2016 has seen substantial PHI breaches, causing an influx of records for sale on the dark web, which is now causing a sudden price collapse. Hacking and ransomware continue to loom large with several instances of patient data irretrievably lost.

September’s largest single incident involved a ransomware that affected 58,000 records. While the overall number of breached records is down, the second half of 2016 is shaping up to be significantly worse than the first half when it comes to patient data security. September’s breach totals include several olympic athletes after the World Anti-Doping Agency (WADA) suffered from a hacking incident apparently at the hands of Russian cyber-espionage group, Tsar Team (APT28), also known as Fancy Bear. While this month’s patient records breached total (246,876) pales in comparison to this past summer’s total (20 million), it’s important to re-emphasize the ever-evolving threats to patient data and the misfortune that can occur when this information lands in the wrong hands.

The number of breached records reported in August totals an unsettling 8,804,608. While this total does not exceed the staggering 11 million records we reported in June, it once again demonstrates that PHI breaches continue to be a huge problem for a wide array of institutions.  Even more troubling, one breach reported this month began in 2008, taking more than eight years to be publicly reported.

The Protenus Breach Barometer is a monthly snapshot of reported or disclosed breaches impacting the healthcare industry, with data compiled and provided by DataBreaches.net.

Sign-up to be one of the first to receive our Breach Barometer each month.

After a staggering 11 million patient records were breached in June, July's number of total records breached is back down to April’s levels, at 126,930 records (though nearly half of U.S. states had at least one healthcare data breach incident this month). New this month, we present an analysis of the amount of time a breach goes unreported, finding an average time lapse of two years, with as many as six years elapsing in one case.