A new report issued by Safetica USA has organized data breaches affecting over 500 individuals that were self-reported to the Office for Civil Rights (OCR) in 2016 into a list by state and records exposed.

The report identifies the states in which health care providers who reported a data breach are located by the number of breaches and how many records were affected. According to the report, nationally in 2016, 41.5 percent of the reported breaches were caused by unauthorized access or disclosure, 31.8 percent were caused by hacking and/or information technology incidents, 19 percent were caused by theft, 5.4 percent were caused by loss, and 2.3 percent were caused by improper disposal. These statistics are a road map for health care providers on mapping the risks to health care data.

The top reported breaches by state are:

  • California with 39 breaches
  • Florida with 28 breaches
  • Texas with 23 breaches
  • New York with 15 breaches
  • Illinois, Indiana and Washington with 12 breaches
  • Ohio and Pennsylvania with 11 breaches
  • Michigan with 10 breaches
  • Arizona and Arkansas with 9 breaches
  • Georgia and Minnesota with 8 breaches and
  • Colorado and Missouri with 7 breaches.

The report lists the worst data breaches per record compromised as:

  • Arizona with 4,524,278 records
  • New York with 3,588,554 records
  • Florida with 2,872,912 records
  • California with 1,436,701 records and
  • Georgia with 782,956 records.

Obviously, the report confirms that the highest number of health care breaches are from states that have a higher population and more health care providers. Those states that only had one breach affecting over 500 individuals in 2016 include Alaska, Delaware, Hawaii, New Hampshire, Nevada, Utah, and Wyoming.