The security surrounding personal health information, patient records, and personal data (in general) is obviously a very important topic throughout the world. Each year, many millions of data breaches in healthcare take place due to a broad range of causes. One of the industries where these data are plentiful is the Health and Human Services sector (hospitals, insurance, clinics, laboratories, etc.).
One of the best sources for healthcare industry data breach information is the US Department of Health and Human Services breach reports. Specifically, HHS hosts a website that lists all reported security breaches affecting individual personal data disclosures across the entire US the healthcare sector. Some among the information security community refer to this website as the “wall of shame“. For those in the healthcare sector, they really don’t want to be on this list.
Curious about breached PHI numbers, including a number of persons affected, cause of the breach, month on month statistics and geographic areas represented, I did some basic research that I wanted to share. I obtained the 2018 records from Jan 1 through the present date and performed some basic PowerBI analysis on the numbers. I also wanted to discover any patterns and trends in the data to indicate any predictability from the past.
What I found was surprising, mostly by the spikes in breaches attributed to both Theft and Hacking/ IT Incident Based on the 2018 data set, May and July were the worst months for total breaches, with huge spikes and a trend related to Hacking/ IT Incident.
- Notice the alternating monthly pattern from May onward.
- Data Theft seems to increase just as proportionally as Hacking/ IT Incidents.
- If the alternating-month pattern continues, then predictably (when reported) September through October could be bad months While presently September through October illustrate low volume in the analysis, the trends are present although many breaches have not yet been reported. And if the growth pattern continues, then Hacking/ IT Incident of PHI could indicate well over 2 million persons affected.
Naturally, I wanted to look back in 2017 to see the patterns and specific numbers presented there. Similarly, the numbers for Hacking /IT Incident were highest during the Summer months.