{"id":165726,"date":"2021-06-28T22:16:27","date_gmt":"2021-06-28T22:16:27","guid":{"rendered":"https:\/\/beta.healthit.gov\/dashboard_stats\/breaches-unsecured-protected-health-information\/"},"modified":"2026-02-20T16:00:19","modified_gmt":"2026-02-20T21:00:19","slug":"breaches-unsecured-protected-health-information","status":"publish","type":"quick-stat","link":"https:\/\/healthit.gov\/data\/quickstats\/breaches-unsecured-protected-health-information\/","title":{"rendered":"Breaches of Unsecured Protected Health Information"},"content":{"rendered":"\n<p>Based upon data collected by the HHS Office for Civil Rights, as of February 1, 2016, protected health information breaches affected over 113 million individuals in 2015. In 2015, hacking incidents comprised nearly 99% of all individuals affected by breaches, and the number of reported hacking incidents, 57, comprised over 20% of all reported breaches. From 2011 to 2014, 97 hacking incidents affected less than 4 million individuals &#8211; less than 10% of all reported breaches and affected individuals during this time.<\/p>\n\n\n\n<p>However, despite the rise in breaches related to hacking incidents, reported breaches related to other incidents and the number of individuals affected by these breaches are down in 2015. Through February 1, 2016, theft, loss, improper disposal, and unauthorized access or disclosure of protected health information comprise 208 of all reported breaches (N=265), down from 216 (N=285) in 2014 and 211 (N=262) in 2013. These four types of breach incidents affected 1.4 million individuals in 2015, compared to 10.7 million in 2014 and 6.7 million in 2013.<\/p>\n\n\n\n<p style=\"padding-bottom:var(--wp--preset--spacing--50)\">In 2015, four of the fifty-one hacking incidents involved an electronic medical record (EMR). One hacking incident affected 3.9 million individuals&#8217; health information &#8211; nearly all the individuals affected by an EMR hacking incident in 2015.<\/p>\n\n\n\n<div class=\"wdt-wrapper-chart-loader\" data-id=\"16\"\n     style=\"height: 400px;\">\n    <div class=\"wdt-main-item\">\n                <div class=\"wdt-chart-animated-background\" style=\"height: 100px\">\n            <div class=\"wdt-background-masker wdt-btn-divide-left wdt-chart-one\"><\/div>\n            <div class=\"wdt-background-masker wdt-btn-divide-left-2\"><\/div>\n            <div class=\"wdt-background-masker wdt-btn-divide-left-3\"><\/div>\n            <div class=\"wdt-background-masker wdt-btn-divide-left-4 wdt-chart-three\"><\/div>\n            <div class=\"wdt-background-masker wdt-btn-divide-left-5\"><\/div>\n            <div class=\"wdt-background-masker wdt-btn-divide-left-6\"><\/div>\n            <div class=\"wdt-background-masker wdt-btn-divide-left-7 \"><\/div>\n            <div class=\"wdt-background-masker wdt-btn-divide-left-8\"><\/div>\n        <\/div>\n        <div class=\"wdt-chart-animated-background\" style=\"height: 100px\">\n            <div class=\"wdt-background-masker wdt-btn-divide-left\"><\/div>\n            <div class=\"wdt-background-masker wdt-btn-divide-left-2 wdt-chart-two\"><\/div>\n            <div class=\"wdt-background-masker wdt-btn-divide-left-3\"><\/div>\n            <div class=\"wdt-background-masker wdt-btn-divide-left-4\"><\/div>\n            <div class=\"wdt-background-masker wdt-btn-divide-left-5 wdt-chart-four\"><\/div>\n            <div class=\"wdt-background-masker wdt-btn-divide-left-6\"><\/div>\n            <div class=\"wdt-background-masker wdt-btn-divide-left-7\"><\/div>\n            <div class=\"wdt-background-masker wdt-btn-divide-left-8\"><\/div>\n        <\/div>\n        <div class=\"wdt-chart-animated-background\" style=\"height: 100px\">\n            <div class=\"wdt-background-masker wdt-btn-divide-left\"><\/div>\n            <div class=\"wdt-background-masker wdt-btn-divide-left-2\"><\/div>\n            <div class=\"wdt-background-masker wdt-btn-divide-left-3\"><\/div>\n            <div class=\"wdt-background-masker wdt-btn-divide-left-4\"><\/div>\n            <div class=\"wdt-background-masker wdt-btn-divide-left-5\"><\/div>\n            <div class=\"wdt-background-masker wdt-btn-divide-left-6 wdt-chart-five\"><\/div>\n            <div class=\"wdt-background-masker wdt-btn-divide-left-7\"><\/div>\n            <div class=\"wdt-background-masker wdt-btn-divide-left-8\"><\/div>\n        <\/div>\n        <div class=\"wdt-chart-animated-background\" style=\"height: 100px\">\n            <div class=\"wdt-background-masker wdt-btn-divide-left\"><\/div>\n            <div class=\"wdt-background-masker wdt-btn-divide-left-2\"><\/div>\n            <div class=\"wdt-background-masker wdt-btn-divide-left-3\"><\/div>\n            <div class=\"wdt-background-masker wdt-btn-divide-left-4\"><\/div>\n            <div class=\"wdt-background-masker wdt-btn-divide-left-5\"><\/div>\n            <div class=\"wdt-background-masker wdt-btn-divide-left-6\"><\/div>\n            <div class=\"wdt-background-masker wdt-btn-divide-left-7\"><\/div>\n            <div class=\"wdt-background-masker wdt-btn-divide-left-8\"><\/div>\n        <\/div>\n        <div class=\"wdt-static-background\">\n            <div class=\"wdt-background-masker\"><\/div>\n        <\/div>\n    <\/div>\n<\/div>\n    <script type=\"text\/javascript\">\n        if (typeof (wpDataCharts) == 'undefined') wpDataCharts = {};\n        wpDataCharts[16] = {\n            render_data: {\"wdtNumberFormat\":\"2\",\"options\":{\"title\":{\"text\":\"\",\"floating\":false,\"align\":\"center\"},\"series\":[{\"type\":\"\",\"name\":\"Individuals Affected by a Hacking\\\/IT Incident Breach\",\"color\":\"#007d70\",\"label\":\"Individuals Affected by a Hacking\\\/IT Incident Breach\",\"orig_header\":\"individualsaffectedbyahackingitincidentbreach\",\"data\":[568358,297269,900684,236897,1792045,111812172]},{\"type\":\"\",\"name\":\"Individuals Affected by a Non-hacking\\\/IT Incident Breach\",\"color\":\"#0f34ba\",\"label\":\"Individuals Affected by a Non-hacking\\\/IT Incident Breach\",\"orig_header\":\"individualsaffectedbyanonhackingitincidentbreach\",\"data\":[4955818,12852523,1887720,6705917,10829781,1443152]}],\"xAxis\":{\"categories\":[2010,2011,2012,2013,2014,2015],\"crosshair\":false},\"chart\":{\"backgroundColor\":\"\",\"borderWidth\":0,\"borderColor\":\"\",\"borderRadius\":0,\"zoomType\":\"none\",\"panning\":false,\"panKey\":\"shift\",\"plotBackgroundColor\":\"\",\"plotBackgroundImage\":\"\",\"plotBorderColor\":\"\",\"plotBorderWidth\":0,\"inverted\":false},\"yAxis\":{\"gridLineDashStyle\":\"solid\",\"title\":{\"text\":\"Number of individuals affected\"},\"crosshair\":false},\"subtitle\":{\"text\":\"\",\"align\":\"center\"},\"tooltip\":{\"enabled\":true,\"backgroundColor\":\"rgba(255, 255, 255, 0.85)\",\"borderWidth\":\"1\",\"borderColor\":\"\",\"borderRadius\":\"3\",\"shared\":false,\"valuePrefix\":\"\",\"valueSuffix\":\"\"},\"legend\":{\"enabled\":true,\"backgroundColor\":\"\",\"title\":{\"text\":\"\"},\"layout\":\"horizontal\",\"align\":\"center\",\"verticalAlign\":\"bottom\",\"borderWidth\":\"0\",\"borderColor\":\"\",\"borderRadius\":\"0\"},\"exporting\":{\"enabled\":false,\"chartOptions\":{\"plotOptions\":{\"series\":{\"dataLabels\":{\"enabled\":false}}}},\"filename\":\"\",\"width\":\"\",\"buttons\":{\"contextButton\":{\"align\":\"right\",\"verticalAlign\":\"top\",\"symbolStroke\":\"#666\",\"text\":\"\"}}},\"credits\":{\"enabled\":true,\"href\":\"https:\\\/\\\/www.highcharts.com\",\"text\":\"Highcharts.com\"}},\"type\":\"highcharts_stacked_column_chart\",\"height\":400},\n            engine: \"highcharts\",\n            type: \"highcharts_stacked_column_chart\",\n            title: \"Breaches of Unsecured Protected Health Information\",\n            container: \"wpDataChart_16\",\n            follow_filtering: 0,\n            wpdatatable_id: 50,\n            group_chart: 0        }\n    <\/script>\n\n    <div id=\"wpDataChart_16\" class=\"highcharts_stacked_column_chart\" style=\"width: 100%\"><\/div>\n\n\n\n\n<p><b>Note<\/b>: ^a non-hacking\/IT incident includes all other types of reported health information breaches: theft, loss, improper disposal, unauthorized access\/disclosure, other, or unknown (not reported or data missing). See notes below for types of IT and devices involved in these incidents.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-number-of-individuals-affected-by-a-protected-health-information-breach-2010-2015\" style=\"padding-top:var(--wp--preset--spacing--60)\">Number of Individuals Affected by a Protected Health Information Breach: 2010-2015<\/h2>\n\n\n\n<p>Count of affected individuals by the type and source of information breach<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th class=\"has-text-align-left\" data-align=\"left\">&nbsp;<\/th><th class=\"has-text-align-center\" data-align=\"center\" scope=\"col\">2010<\/th><th class=\"has-text-align-center\" data-align=\"center\" scope=\"col\">2011<\/th><th class=\"has-text-align-center\" data-align=\"center\" scope=\"col\">2012<\/th><th class=\"has-text-align-center\" data-align=\"center\" scope=\"col\">2013<\/th><th class=\"has-text-align-center\" data-align=\"center\" scope=\"col\">2014<\/th><th class=\"has-text-align-center\" data-align=\"center\" scope=\"col\">2015<\/th><\/tr><\/thead><tbody><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"rowgroup\" colspan=\"7\">Type of Information Breach<\/th><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\">Hacking\/IT incident<\/th><td class=\"has-text-align-center\" data-align=\"center\">568,358<\/td><td class=\"has-text-align-center\" data-align=\"center\">297,269<\/td><td class=\"has-text-align-center\" data-align=\"center\">900,684<\/td><td class=\"has-text-align-center\" data-align=\"center\">236,897<\/td><td class=\"has-text-align-center\" data-align=\"center\">1,786,630<\/td><td class=\"has-text-align-center\" data-align=\"center\">111,812,172<br>(Of this total, 78M individuals (70%) were affected by a singular hacking\/IT incident, and 5 of the 51 hacking\/IT incidents affected 97% of all individuals)<\/td><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\">Improper disposal<\/th><td class=\"has-text-align-center\" data-align=\"center\">34,587<\/td><td class=\"has-text-align-center\" data-align=\"center\">63,948<\/td><td class=\"has-text-align-center\" data-align=\"center\">21,329<\/td><td class=\"has-text-align-center\" data-align=\"center\">526,538<\/td><td class=\"has-text-align-center\" data-align=\"center\">93,612<\/td><td class=\"has-text-align-center\" data-align=\"center\">82,421<\/td><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\">Loss<\/th><td class=\"has-text-align-center\" data-align=\"center\">924,909<\/td><td class=\"has-text-align-center\" data-align=\"center\">6,019,578<\/td><td class=\"has-text-align-center\" data-align=\"center\">95,815<\/td><td class=\"has-text-align-center\" data-align=\"center\">142,411<\/td><td class=\"has-text-align-center\" data-align=\"center\">243,376<\/td><td class=\"has-text-align-center\" data-align=\"center\">47,214<\/td><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\">Theft<\/th><td class=\"has-text-align-center\" data-align=\"center\">3,691,460<\/td><td class=\"has-text-align-center\" data-align=\"center\">4,720,129<\/td><td class=\"has-text-align-center\" data-align=\"center\">927,909<\/td><td class=\"has-text-align-center\" data-align=\"center\">5,397,989<\/td><td class=\"has-text-align-center\" data-align=\"center\">7,058,678<\/td><td class=\"has-text-align-center\" data-align=\"center\">740,598<\/td><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\">Unauthorized access\/disclosure<\/th><td class=\"has-text-align-center\" data-align=\"center\">130,106<\/td><td class=\"has-text-align-center\" data-align=\"center\">118,444<\/td><td class=\"has-text-align-center\" data-align=\"center\">338,767<\/td><td class=\"has-text-align-center\" data-align=\"center\">383,759<\/td><td class=\"has-text-align-center\" data-align=\"center\">3,019,284<\/td><td class=\"has-text-align-center\" data-align=\"center\">572,919<\/td><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\">Other breach<\/th><td class=\"has-text-align-center\" data-align=\"center\">158,593<\/td><td class=\"has-text-align-center\" data-align=\"center\">13,981<\/td><td class=\"has-text-align-center\" data-align=\"center\">503,900<\/td><td class=\"has-text-align-center\" data-align=\"center\">254,305<\/td><td class=\"has-text-align-center\" data-align=\"center\">413,878<\/td><td class=\"has-text-align-center\" data-align=\"center\">\u2014<\/td><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"rowgroup\" colspan=\"7\">Source of Information Breach<\/th><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\">Desktop computer<\/th><td class=\"has-text-align-center\" data-align=\"center\">246,643<\/td><td class=\"has-text-align-center\" data-align=\"center\">2,042,186<\/td><td class=\"has-text-align-center\" data-align=\"center\">81,385<\/td><td class=\"has-text-align-center\" data-align=\"center\">4,348,129<\/td><td class=\"has-text-align-center\" data-align=\"center\">2,378,304<\/td><td class=\"has-text-align-center\" data-align=\"center\">316,226<\/td><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\">Electronic medical record<\/th><td class=\"has-text-align-center\" data-align=\"center\">803,600<\/td><td class=\"has-text-align-center\" data-align=\"center\">1,720,064<br>(Of this total, 1.7M individuals (99%) were affected by a singular incident)<\/td><td class=\"has-text-align-center\" data-align=\"center\">136,751<\/td><td class=\"has-text-align-center\" data-align=\"center\">40,196<\/td><td class=\"has-text-align-center\" data-align=\"center\">121,845<\/td><td class=\"has-text-align-center\" data-align=\"center\">3,948,985<br>(Of this total, 3.9M individuals (99%) were affected by a singular incident)<\/td><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\">E-mail<\/th><td class=\"has-text-align-center\" data-align=\"center\">8,050<\/td><td class=\"has-text-align-center\" data-align=\"center\">3,111<\/td><td class=\"has-text-align-center\" data-align=\"center\">294,308<\/td><td class=\"has-text-align-center\" data-align=\"center\">58,847<\/td><td class=\"has-text-align-center\" data-align=\"center\">519,625<\/td><td class=\"has-text-align-center\" data-align=\"center\">583,977<\/td><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\">Laptop<\/th><td class=\"has-text-align-center\" data-align=\"center\">1,507,914<\/td><td class=\"has-text-align-center\" data-align=\"center\">405,873<\/td><td class=\"has-text-align-center\" data-align=\"center\">575,529<\/td><td class=\"has-text-align-center\" data-align=\"center\">1,023,181<\/td><td class=\"has-text-align-center\" data-align=\"center\">1,273,612<\/td><td class=\"has-text-align-center\" data-align=\"center\">391,830<\/td><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\">Network server<\/th><td class=\"has-text-align-center\" data-align=\"center\">665,123<\/td><td class=\"has-text-align-center\" data-align=\"center\">613,963<\/td><td class=\"has-text-align-center\" data-align=\"center\">921,335<\/td><td class=\"has-text-align-center\" data-align=\"center\">320,127<\/td><td class=\"has-text-align-center\" data-align=\"center\">7,253,441<\/td><td class=\"has-text-align-center\" data-align=\"center\">107,252,466<br>(All but 26,000 individuals were affected by a hacking\/IT incident)<\/td><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\">Paper\/Film<\/th><td class=\"has-text-align-center\" data-align=\"center\">204,966<\/td><td class=\"has-text-align-center\" data-align=\"center\">103,711<\/td><td class=\"has-text-align-center\" data-align=\"center\">198,409<\/td><td class=\"has-text-align-center\" data-align=\"center\">575,076<\/td><td class=\"has-text-align-center\" data-align=\"center\">590,352<\/td><td class=\"has-text-align-center\" data-align=\"center\">229,743<\/td><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\">Portable Electronic Device<\/th><td class=\"has-text-align-center\" data-align=\"center\">29,714<\/td><td class=\"has-text-align-center\" data-align=\"center\">1,516<\/td><td class=\"has-text-align-center\" data-align=\"center\">124,978<\/td><td class=\"has-text-align-center\" data-align=\"center\">154,877<\/td><td class=\"has-text-align-center\" data-align=\"center\">141,110<\/td><td class=\"has-text-align-center\" data-align=\"center\">209,558<\/td><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\">Other source<\/th><td class=\"has-text-align-center\" data-align=\"center\">2,058,166<\/td><td class=\"has-text-align-center\" data-align=\"center\">8,259,368<\/td><td class=\"has-text-align-center\" data-align=\"center\">455,709<\/td><td class=\"has-text-align-center\" data-align=\"center\">422,381<\/td><td class=\"has-text-align-center\" data-align=\"center\">343,537<\/td><td class=\"has-text-align-center\" data-align=\"center\">322,539<\/td><\/tr><\/tbody><tfoot><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\" colspan=\"7\">Note: Each count above is the total number of individuals affected by a breach of the specific information source and the breach type. Individual reports of a breach may involve one or more information sources, i.e. laptop, e-mail, etc, and one or more breach types, i.e. theft, loss, etc. In those cases, there may be double-counting of the number of affected individuals or reported breaches in a specific year.<\/th><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\" colspan=\"7\">Source: U.S. Department of Health and Human Services (HHS) Office for Civil Rights. Breaches Affecting 500 or More Individuals. February 1, 2016.<\/th><\/tr><\/tfoot><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-number-of-reported-protected-health-information-breaches-2010-2015\" style=\"padding-top:var(--wp--preset--spacing--60)\">Number of Reported Protected Health Information Breaches: 2010-2015<\/h2>\n\n\n\n<p>Count of reported breaches by the type and source of information breach<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th class=\"has-text-align-left\" data-align=\"left\">&nbsp;<\/th><th class=\"has-text-align-center\" data-align=\"center\" scope=\"col\">2010<\/th><th class=\"has-text-align-center\" data-align=\"center\" scope=\"col\">2011<\/th><th class=\"has-text-align-center\" data-align=\"center\" scope=\"col\">2012<\/th><th class=\"has-text-align-center\" data-align=\"center\" scope=\"col\">2013<\/th><th class=\"has-text-align-center\" data-align=\"center\" scope=\"col\">2014<\/th><th class=\"has-text-align-center\" data-align=\"center\" scope=\"col\">2015<\/th><\/tr><\/thead><tbody><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"rowgroup\" colspan=\"7\">Type of Information Breach<\/th><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\">Hacking\/IT incident<\/th><td class=\"has-text-align-center\" data-align=\"center\">10<\/td><td class=\"has-text-align-center\" data-align=\"center\">16<\/td><td class=\"has-text-align-center\" data-align=\"center\">16<\/td><td class=\"has-text-align-center\" data-align=\"center\">23<\/td><td class=\"has-text-align-center\" data-align=\"center\">32<\/td><td class=\"has-text-align-center\" data-align=\"center\">57<br>(4 of these incidents involved an electronic medical record)<\/td><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\">Improper disposal<\/th><td class=\"has-text-align-center\" data-align=\"center\">10<\/td><td class=\"has-text-align-center\" data-align=\"center\">7<\/td><td class=\"has-text-align-center\" data-align=\"center\">7<\/td><td class=\"has-text-align-center\" data-align=\"center\">13<\/td><td class=\"has-text-align-center\" data-align=\"center\">11<\/td><td class=\"has-text-align-center\" data-align=\"center\">6<\/td><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\">Loss<\/th><td class=\"has-text-align-center\" data-align=\"center\">18<\/td><td class=\"has-text-align-center\" data-align=\"center\">17<\/td><td class=\"has-text-align-center\" data-align=\"center\">19<\/td><td class=\"has-text-align-center\" data-align=\"center\">24<\/td><td class=\"has-text-align-center\" data-align=\"center\">28<\/td><td class=\"has-text-align-center\" data-align=\"center\">22<\/td><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\">Theft<\/th><td class=\"has-text-align-center\" data-align=\"center\">127<\/td><td class=\"has-text-align-center\" data-align=\"center\">118<\/td><td class=\"has-text-align-center\" data-align=\"center\">117<\/td><td class=\"has-text-align-center\" data-align=\"center\">124<\/td><td class=\"has-text-align-center\" data-align=\"center\">113<\/td><td class=\"has-text-align-center\" data-align=\"center\">80<\/td><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\">Unauthorized access\/disclosure<\/th><td class=\"has-text-align-center\" data-align=\"center\">7<\/td><td class=\"has-text-align-center\" data-align=\"center\">26<\/td><td class=\"has-text-align-center\" data-align=\"center\">25<\/td><td class=\"has-text-align-center\" data-align=\"center\">63<\/td><td class=\"has-text-align-center\" data-align=\"center\">72<\/td><td class=\"has-text-align-center\" data-align=\"center\">100<\/td><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\">Other breach<\/th><td class=\"has-text-align-center\" data-align=\"center\">22<\/td><td class=\"has-text-align-center\" data-align=\"center\">2<\/td><td class=\"has-text-align-center\" data-align=\"center\">18<\/td><td class=\"has-text-align-center\" data-align=\"center\">24<\/td><td class=\"has-text-align-center\" data-align=\"center\">28<\/td><td class=\"has-text-align-center\" data-align=\"center\">0<\/td><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"rowgroup\" colspan=\"7\">Source of Information Breach<\/th><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\">Desktop computer<\/th><td class=\"has-text-align-center\" data-align=\"center\">28<\/td><td class=\"has-text-align-center\" data-align=\"center\">35<\/td><td class=\"has-text-align-center\" data-align=\"center\">23<\/td><td class=\"has-text-align-center\" data-align=\"center\">39<\/td><td class=\"has-text-align-center\" data-align=\"center\">29<\/td><td class=\"has-text-align-center\" data-align=\"center\">29<\/td><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\">Electronic medical record<\/th><td class=\"has-text-align-center\" data-align=\"center\">3<\/td><td class=\"has-text-align-center\" data-align=\"center\">6<\/td><td class=\"has-text-align-center\" data-align=\"center\">6<\/td><td class=\"has-text-align-center\" data-align=\"center\">14<\/td><td class=\"has-text-align-center\" data-align=\"center\">14<\/td><td class=\"has-text-align-center\" data-align=\"center\">16<\/td><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\">E-mail<\/th><td class=\"has-text-align-center\" data-align=\"center\">5<\/td><td class=\"has-text-align-center\" data-align=\"center\">2<\/td><td class=\"has-text-align-center\" data-align=\"center\">10<\/td><td class=\"has-text-align-center\" data-align=\"center\">20<\/td><td class=\"has-text-align-center\" data-align=\"center\">36<\/td><td class=\"has-text-align-center\" data-align=\"center\">37<\/td><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\">Laptop<\/th><td class=\"has-text-align-center\" data-align=\"center\">50<\/td><td class=\"has-text-align-center\" data-align=\"center\">38<\/td><td class=\"has-text-align-center\" data-align=\"center\">51<\/td><td class=\"has-text-align-center\" data-align=\"center\">67<\/td><td class=\"has-text-align-center\" data-align=\"center\">42<\/td><td class=\"has-text-align-center\" data-align=\"center\">38<\/td><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\">Network server<\/th><td class=\"has-text-align-center\" data-align=\"center\">17<\/td><td class=\"has-text-align-center\" data-align=\"center\">16<\/td><td class=\"has-text-align-center\" data-align=\"center\">20<\/td><td class=\"has-text-align-center\" data-align=\"center\">30<\/td><td class=\"has-text-align-center\" data-align=\"center\">46<\/td><td class=\"has-text-align-center\" data-align=\"center\">41<br>(34 of these breaches involved a hacking\/IT incident)<\/td><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\">Paper\/Film<\/th><td class=\"has-text-align-center\" data-align=\"center\">46<\/td><td class=\"has-text-align-center\" data-align=\"center\">45<\/td><td class=\"has-text-align-center\" data-align=\"center\">47<\/td><td class=\"has-text-align-center\" data-align=\"center\">53<\/td><td class=\"has-text-align-center\" data-align=\"center\">62<\/td><td class=\"has-text-align-center\" data-align=\"center\">67<\/td><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\">Portable Electronic Device<\/th><td class=\"has-text-align-center\" data-align=\"center\">6<\/td><td class=\"has-text-align-center\" data-align=\"center\">2<\/td><td class=\"has-text-align-center\" data-align=\"center\">19<\/td><td class=\"has-text-align-center\" data-align=\"center\">20<\/td><td class=\"has-text-align-center\" data-align=\"center\">22<\/td><td class=\"has-text-align-center\" data-align=\"center\">15<\/td><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\">Other source<\/th><td class=\"has-text-align-center\" data-align=\"center\">42<\/td><td class=\"has-text-align-center\" data-align=\"center\">50<\/td><td class=\"has-text-align-center\" data-align=\"center\">26<\/td><td class=\"has-text-align-center\" data-align=\"center\">24<\/td><td class=\"has-text-align-center\" data-align=\"center\">34<\/td><td class=\"has-text-align-center\" data-align=\"center\">22<\/td><\/tr><\/tbody><tfoot><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\" colspan=\"7\">Note: Each count above is the total number of reported breach incidents of the specific information source and the breach type. Individual reports of a breach may involve one or more information sources, i.e. laptop, e-mail, etc, and one or more breach types, i.e. theft, loss, etc. In those cases, there may be double-counting of the number of reported incidents or reported breaches in a specific year.<\/th><\/tr><tr><th class=\"has-text-align-left\" data-align=\"left\" scope=\"row\" colspan=\"7\">Source: U.S. Department of Health and Human Services (HHS) Office for Civil Rights. Breaches Affecting 500 or More Individuals. February 1, 2016.<\/th><\/tr><\/tfoot><\/table><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Based upon data collected by the HHS Office for Civil Rights, as of February 1, [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"parent":0,"template":"","meta":{"_acf_changed":false,"_selected_menu":"","_show_breadcrumbs":"true","footnotes":""},"categories":[],"topics":[126,72,84,82],"class_list":["post-165726","quick-stat","type-quick-stat","status-publish","hentry","topics-data","topics-hit-policy","topics-security","topics-security-privacy"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.3 (Yoast SEO v24.8.1) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Breaches of Unsecured Protected Health Information - ONC Health IT Research &amp; Analysis<\/title>\n<meta name=\"description\" content=\"Health IT Research and Analysis provides access to datasets, analysis, and reporting that monitor health information technology trends and Office of the National Coordinator for Health IT programs and policies.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/healthit.gov\/data\/quickstats\/breaches-unsecured-protected-health-information\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Breaches of Unsecured Protected Health Information\" \/>\n<meta property=\"og:description\" content=\"Health IT Research and Analysis provides access to datasets, analysis, and reporting that monitor health information technology trends and Office of the National Coordinator for Health IT programs and policies.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/healthit.gov\/data\/quickstats\/breaches-unsecured-protected-health-information\/\" \/>\n<meta property=\"og:site_name\" content=\"ONC Health IT Research &amp; Analysis\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-20T21:00:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/healthit.gov\/data\/wp-content\/uploads\/sites\/2\/2025\/09\/ONC.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/healthit.gov\/data\/quickstats\/breaches-unsecured-protected-health-information\/\",\"url\":\"https:\/\/healthit.gov\/data\/quickstats\/breaches-unsecured-protected-health-information\/\",\"name\":\"Breaches of Unsecured Protected Health Information - ONC Health IT Research &amp; Analysis\",\"isPartOf\":{\"@id\":\"https:\/\/healthit.gov\/data\/#website\"},\"datePublished\":\"2021-06-28T22:16:27+00:00\",\"dateModified\":\"2026-02-20T21:00:19+00:00\",\"description\":\"Health IT Research and Analysis provides access to datasets, analysis, and reporting that monitor health information technology trends and Office of the National Coordinator for Health IT programs and policies.\",\"breadcrumb\":{\"@id\":\"https:\/\/healthit.gov\/data\/quickstats\/breaches-unsecured-protected-health-information\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/healthit.gov\/data\/quickstats\/breaches-unsecured-protected-health-information\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/healthit.gov\/data\/quickstats\/breaches-unsecured-protected-health-information\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/healthit.gov\/data\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Breaches of Unsecured Protected Health Information\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/healthit.gov\/data\/#website\",\"url\":\"https:\/\/healthit.gov\/data\/\",\"name\":\"ONC - Office of the National Coordinator for Health IT\",\"description\":\"Better health enabled by data\",\"publisher\":{\"@id\":\"https:\/\/healthit.gov\/data\/#organization\"},\"alternateName\":\"ONC\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/healthit.gov\/data\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/healthit.gov\/data\/#organization\",\"name\":\"ONC - Office of the National Coordinator for Health IT\",\"alternateName\":\"ONC\",\"url\":\"https:\/\/healthit.gov\/data\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/healthit.gov\/data\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/healthit.gov\/data\/wp-content\/uploads\/sites\/2\/2025\/09\/ONC.jpg\",\"contentUrl\":\"https:\/\/healthit.gov\/data\/wp-content\/uploads\/sites\/2\/2025\/09\/ONC.jpg\",\"width\":1200,\"height\":628,\"caption\":\"ONC - Office of the National Coordinator for Health IT\"},\"image\":{\"@id\":\"https:\/\/healthit.gov\/data\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Breaches of Unsecured Protected Health Information - ONC Health IT Research &amp; Analysis","description":"Health IT Research and Analysis provides access to datasets, analysis, and reporting that monitor health information technology trends and Office of the National Coordinator for Health IT programs and policies.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/healthit.gov\/data\/quickstats\/breaches-unsecured-protected-health-information\/","og_locale":"en_US","og_type":"article","og_title":"Breaches of Unsecured Protected Health Information","og_description":"Health IT Research and Analysis provides access to datasets, analysis, and reporting that monitor health information technology trends and Office of the National Coordinator for Health IT programs and policies.","og_url":"https:\/\/healthit.gov\/data\/quickstats\/breaches-unsecured-protected-health-information\/","og_site_name":"ONC Health IT Research &amp; Analysis","article_modified_time":"2026-02-20T21:00:19+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/healthit.gov\/data\/wp-content\/uploads\/sites\/2\/2025\/09\/ONC.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/healthit.gov\/data\/quickstats\/breaches-unsecured-protected-health-information\/","url":"https:\/\/healthit.gov\/data\/quickstats\/breaches-unsecured-protected-health-information\/","name":"Breaches of Unsecured Protected Health Information - ONC Health IT Research &amp; Analysis","isPartOf":{"@id":"https:\/\/healthit.gov\/data\/#website"},"datePublished":"2021-06-28T22:16:27+00:00","dateModified":"2026-02-20T21:00:19+00:00","description":"Health IT Research and Analysis provides access to datasets, analysis, and reporting that monitor health information technology trends and Office of the National Coordinator for Health IT programs and policies.","breadcrumb":{"@id":"https:\/\/healthit.gov\/data\/quickstats\/breaches-unsecured-protected-health-information\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/healthit.gov\/data\/quickstats\/breaches-unsecured-protected-health-information\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/healthit.gov\/data\/quickstats\/breaches-unsecured-protected-health-information\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/healthit.gov\/data\/"},{"@type":"ListItem","position":2,"name":"Breaches of Unsecured Protected Health Information"}]},{"@type":"WebSite","@id":"https:\/\/healthit.gov\/data\/#website","url":"https:\/\/healthit.gov\/data\/","name":"ONC - Office of the National Coordinator for Health IT","description":"Better health enabled by data","publisher":{"@id":"https:\/\/healthit.gov\/data\/#organization"},"alternateName":"ONC","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/healthit.gov\/data\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/healthit.gov\/data\/#organization","name":"ONC - Office of the National Coordinator for Health IT","alternateName":"ONC","url":"https:\/\/healthit.gov\/data\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/healthit.gov\/data\/#\/schema\/logo\/image\/","url":"https:\/\/healthit.gov\/data\/wp-content\/uploads\/sites\/2\/2025\/09\/ONC.jpg","contentUrl":"https:\/\/healthit.gov\/data\/wp-content\/uploads\/sites\/2\/2025\/09\/ONC.jpg","width":1200,"height":628,"caption":"ONC - Office of the National Coordinator for Health IT"},"image":{"@id":"https:\/\/healthit.gov\/data\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/healthit.gov\/data\/wp-json\/wp\/v2\/quick-stat\/165726","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/healthit.gov\/data\/wp-json\/wp\/v2\/quick-stat"}],"about":[{"href":"https:\/\/healthit.gov\/data\/wp-json\/wp\/v2\/types\/quick-stat"}],"author":[{"embeddable":true,"href":"https:\/\/healthit.gov\/data\/wp-json\/wp\/v2\/users\/3"}],"version-history":[{"count":28,"href":"https:\/\/healthit.gov\/data\/wp-json\/wp\/v2\/quick-stat\/165726\/revisions"}],"predecessor-version":[{"id":169319,"href":"https:\/\/healthit.gov\/data\/wp-json\/wp\/v2\/quick-stat\/165726\/revisions\/169319"}],"wp:attachment":[{"href":"https:\/\/healthit.gov\/data\/wp-json\/wp\/v2\/media?parent=165726"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/healthit.gov\/data\/wp-json\/wp\/v2\/categories?post=165726"},{"taxonomy":"topics","embeddable":true,"href":"https:\/\/healthit.gov\/data\/wp-json\/wp\/v2\/topics?post=165726"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}