HIPAA Breach Report for March 2020

The Paubox Breach Report analyzed HIPAA breach reporting submitted to the U.S. Department of Health & Human Services ( HHS) in February to analyze the types of breaches of unsecured protected health information (PHI) affecting 500 or more people.

This report will cover:

• HIPAA Breaches Ranked by People Affected
• HIPAA Breaches Ranked by Occurrence
• Takeaways
• Full Data

HIPAA Breaches Ranked by People Affected

Top Three Breach Types

• Laptop breaches ranked in first for the second time this year, with 654,892 people's protected health information (PHI) affected.
• Email breaches ranked second with PHI of 498,773 people breached.
• Network Server breaches came in third with 64,810 people having their PHI breached.
•  

HIPAA Breaches Ranked by Occurrence

The Most Common

• Email again took the top spot as the most common breach type in this month's report with 17 reported breaches.
• Paper Films came in second with 6 breaches.
• Network Server placed third with 3 reported breaches.

Takeaways

Email as a threat vector in healthcare continues to rank as the most common entry point for bad actors, with 17 reported breaches. February may be the shortest month in the year, but it almost tripled January in the number of people affected, with over 1.2 million people having their PHI compromised. The largest breach was caused by Health Share of Oregon's breach that affected 654,362 patients when one of their laptops was stolen from medical transportation vendor GridWorks. Large breaches also occurred from successful phishing attacks on  Aveanna Healthcare and Overlake Medical Center & Clinics that each affected over 100,000 individuals.

Full Data

Click here to view the raw data (Google Sheets).

About the Paubox HIPAA Breach Report