The number of health data breach victims reported to Federal agencies in 2018 has doubled in recent weeks to more than 2 million.
The largest breach of the year so far involved a break-in at a California government office that affected 582,000 individuals. The agency report the "unauthorized access/disclosure" incident to OCR in April. In a statement posted on the agency's site, DDS says "trespassers ransacked files, vandalized and stole state property and started a fire" at the agency's Sacramento legal and auditing offices. The offices contained PHI of about 582,000 individuals, plus personal information of about 15,000 employees at the agency's regional centers, service providers, and applicants seeking employment with the department, the statement says. After the break-in, DDS discovered a number of paper documents and compact discs were either displaced or damaged from the fire and the sprinklers. DDS says it has no evidence that personal and health information was compromised due to the incident. Also stolen in the break-in were 12 laptop computers owned by the state. Those computers, however, were encrypted, the statement notes.
The incident involving the California DDS is one of 57 breaches reported in 2018 so far that are described as "unauthorized access/disclosure" cases. In total, those incidents have impacted 1.1 million individuals; about half of those breach victims were impacted by the California DDS break-in.
As of Thursday, the Department of Health and Human Services' HIPAA Breach Reporting Tool website - commonly called the "wall of shame" - showed that 124 breaches have been reported to HHS so far in 2018. About 30% of those breaches - 38 incidents - have been posted to the website since April 17, the last time Information Security Media Group analyzed the federal breach tally.
By far the largest of breach ever posted on the wall of shame is a hacking incident reported in 2015 by health insurer Anthem Inc., which impacted 78.8 million individuals.