Healthcare data breaches affect 29M records from 2010 to 2013

Healthcare-related data breaches increased between 2010 and 2013, according to an analysis of an online database maintained by the U.S. Department of Health and Human Services. During that time period, health plans and clinicians reported 949 breaches had affected 29.1 million records.

Vincent Liu, MD, MS, of the Kaiser Permanente Division of Research in Oakland, Calif., and colleagues reported their findings online in JAMA on April 14.

They evaluated data breaches that affected at least 500 individuals and included thefts of unsecured laptops, data dissemination in emails and improper disposal of patient records. There were 214 data breaches involving 5.1 million records in 2010 compared with 265 data breaches involving 9 million records in 2013. Between 2010 and 2013, six data breaches affected at least 1 million records.

Of the 949 total data breaches, 32.7 percent were from portable electronic devices or laptop computers, 22.3 percent were from paper, 15.6 percent were from desktop computers, email or EMRs and 10.6 percent were from network servers.

In addition, 58.2 percent of breaches were identified as theft, 14.8 percent were classified as unauthorized access, 11.1 percent were classified as loss or improper disposal and 7.1 percent were identified as a hacking or IT incident.

The researchers noted the study underestimated healthcare data breaches because they only included reported breaches affecting at least 500 individuals. They also did not examine the costs associated with the breaches and the rates the breaches occurred based on the number of records in the U.S.