Breach Report 2016: Protected Health Information (PHI)

Project Description

The 7th Annual Breach Report examines breaches of PHI that occurred in healthcare throughout 2016 and examines the current state of cybersecurity. The report revealed a 320 percent increase in the number of healthcare providers victimized by hackers in 2016, and that 81 percent of records breached in 2016 resulted from hacking attacks specifically. Additionally, 2016 marked the first time a U.S. hospital had been the victim of ransomware, defined as a type of malware that encrypts data and holds it hostage until a ransom demand is met.

Additional findings include:

  • 325 large breaches of PHI, compromising 16,612,985 individual patient records
  • 3,620,000 breached patient records in the year’s single largest incident
  • 40 percent of large breach incidents involved unauthorized access/disclosure

The report also includes a summary of HIPAA enforcement activities announced in 2016 and concludes with recommendations for strengthening privacy and security controls at healthcare organizations.

Download Report