Since the start of 2021, 155 organizations reported to HHS that 12,406,655 individuals were affected by data breaches.
Breaches of protected health information affecting more than 500 individuals are required to be listed on HHS' breach portal. Some organizations reported breaches that occurred in multiple locations, and therefore the total number of locations is 163.
Of the 155 organizations that fell victim to data breaches, 72 organizations experienced data breaches through network servers. For some companies, it was their own networks, while others experienced breaches through vendors. In one example, file-transfer vendor Accellion had a data breach that affected at least seven healthcare organizations and 3.38 million people nationwide.
The second most common location of a data breach was through email, where 49 healthcare organizations were attacked through phishing emails or other methods.
After network and email hacks, stolen physical copies of papers containing PHI were the most common and affected 13 organizations, followed by other (11), electronic medical records (nine), desktop computers (five), laptops (three), and portable devices (one).