There have been 229 data breaches affecting 6.1 million individuals submitted to HHS' Office for Civil Rights' breach portal since the start of 2018, according to HealthcareInfoSecurity.
HIPAA-covered entities that experience a breach affecting more than 500 individuals are required to report the incident to OCR and earn a spot on the portal, commonly referred to as the "wall of shame." The portal has been collecting data since 2009.
Of the breaches reported to OCR since the start of 2018, 91 are listed as hacking or IT incidents (affecting 4.3 million individuals), 91 are listed as unauthorized access or disclosure breaches (affecting 803,000 individuals), 41 are listed as theft or loss (affecting 677,000 individuals, 13 of which involved paper or film records), six are listed as improper disposal (affecting 330,000 individuals), and the remainder involved unencrypted computing devices (affecting 80,000 individuals).
Here are the five largest healthcare data breaches reported so far in 2018:
1. West Des Moines, Iowa-based UnityPoint Health: 1,421,107 individuals affected in a hacking/IT incident
2. California Department of Developmental Services: 582,174 individuals affected in a theft incident
3. Bartlett, Tenn.-based MSK Group: 566,236 individuals affected in a hacking/IT incident
4. Baltimore-based LifeBridge Health: 538,127 individuals affected in a hacking/IT incident
5. SSM Health St. Mary's Hospital-Jefferson City (Mo.): 301,000 individuals affected in an improper disposal incident