A significant increase in the risk for exposure of health information in the United States: result from analysing the US data breach registry

Johan Gustav Bellika
Norwegian Centre for e-health research, University hospital of North Norway, Tromsø, Norway / Department of Clinical Medicine, Faculty of Health Sciences, UiT The Arctic University of Norway

Alexandra Makhlysheva
Norwegian Centre for e-health research, University hospital of North Norway, Tromsø, Norway

Per Atle Bakkevoll
Norwegian Centre for e-health research, University hospital of North Norway, Tromsø, Norway

Part of: Proceedings from The 15th Scandinavian Conference on Health Informatics 2017 Kristiansand, Norway, August 29–30, 2017

Linköping Electronic Conference Proceedings 145:9, pp. 55-59

Published: 2018-01-04

ISBN: 978-91-7685-364-1

ISSN: 1650-3686 (print), 1650-3740 (online)


The study surveys the probability and consequences of protected health information (PHI) data breaches. We analysed the development of data breaches in the US data breach registry available online in 2010-2016 by focusing on two PHI breach categories: theft and loss, and hacking and unauthorised use. 79% of all analysed PHI breaches were the result of hacking or unauthorised use versus 19% caused by loss or theft. In total, over 171 million persons were affected by PHI breaches during the analysed period, which corresponds to 54% of the US population. On average, 4.6 million persons are annually affected by theft or loss of PHI versus 19.4 million affected by hacking and unauthorised use of PHI. The number of hacking attacks increased by 15 times from 2010 to 2016. The largest single loss of PHI so far is 78.8 million records. The analysis has shown that the risk of PHI breaches in the US is high and significantly increasing. In Scandinavian settings, such a risk would imply measures to reduce both probability and consequence of breaches.


Computer Security, Cybersecurity, Risk Assessment

