The Paubox HIPAA Breach Report analyzes protected health information (PHI) breaches affecting 500 or more people as reported to the Department of Health & Human Services (HHS) in September 2021.
This report will cover:
HIPAA breaches ranked by people affected
Most common breaches by type
- Desktop breaches affected the most people in September 2021. 580,093 individuals had their data breached.
- Network servers were the second most common breach, with 443,010 people affected.
- Email breaches affected 171,544 people, the third most common breach type.
HIPAA breaches by occurrence
Most common breach types
- Network servers were the most common attack vector in September 2021. There were eighteen networker server breaches.
- Email breaches were the second most common attack vector; twelve attacks via email were reported.
- Desktop breaches were reported four times last month.
Year over year comparison
These charts compare the numbers reported in previous Paubox HIPAA Breach Reports with this month’s report.
HIPAA breaches ranked by people affected
WHAT WE OBSERVE
- Network servers, email, and desktop breaches affected the most people overall in September 2017-2021.
- Network servers impacted more people than all other attack vectors combined.
- Email breaches affected a total of 1,112,279 people and desktop breaches affected a total of 921,835 people.
- There were two network server breaches that affected over 4 million people total in September 2020: Trinity Health and Inova Health Systems.
HIPAA breaches ranked by occurrence
WHAT WE OBSERVE
- Network servers, email, and paper/films breaches were the most common attack vectors in September 2017-2021.
- Network servers were breached a total of 94 times.
- Emails breaches occurred a total of 62 times and paper/films breaches occurred 24 times.
- The largest number of network server and email breaches happened in September 2020.
Takeaways
Desktop breaches affected the most people in September 2021. This is the first time in three months that network server breaches haven’t impacted the most individuals.
State of Alaska Department of Health & Social Services had the largest breach affecting 500,000 people. USV Optical, Inc. had the second-largest breach affecting 180,000 people.
When looking at the yearly comparison, we see that network server and email breaches are very popular attack vectors for bad actors over the last five September months.
Over 11,000,000 total individuals have had their data breached via network server and email breaches in this time frame.
Full data
Click here to view the HHS’ raw data via Google Sheets.
RELATED: Google and HIPAA compliance: the ultimate guide
About the Paubox HIPAA Breach Report
The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals, as reported on the HHS Wall of Shame in 2021.
Subscribe to Paubox Weekly
Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.