Massive Health Record Breaches Evidenced by the Office for Civil Rights Data

  • Waldemar W. KOCZKODAJ Computer Sciences, Laurentian University, Sudbury, Canada
  • Jolanta MASIAK Independent Neurophysiological Unit, Department of Psychiatry, Medical University of Lublin, Lublin, Poland
  • Mirosław MAZUREK Faculty of Electrical and Computer Engineering, Rzeszów University of Technology, Al. Powstańców Warszawy 12, 35-959 Rzeszów, Poland
  • Dominik STRZAŁKA Faculty of Electrical and Computer Engineering, Rzeszów University of Technology, Al. Powstańców Warszawy 12, 35-959 Rzeszów, Poland
  • Pavel F. ZABRODSKII Saratov Medical University "REAVIZ", Saratov, Russia
Keywords: Health, Civil rights, Health data breaches


Background: Using data collected by the Office for Civil Rights, Department of Health and Human Services (HHS), over half of the population in the USA might have been affected by security breaches since Oct 2009. This study provided analysis of the data, presenting the numbers of individuals affected in one breach and the number of breaches. Methods: Statistical analysis has been conducted with visualizations. Visualizations include categorized histograms and tables. Histograms are presented as bar charts with categories: location and breach type. Tables show case counts (across top 10 breaches and those with more than one million stolen records) in successive years and covered entity types. All statistics were calculated with the use of package R. Analyzed data were collected from Oct 2009 till Jun 2017. Results: This study presents evidence of health data breaches taking place at an unprecedented level. Medical records of at least 173 million of people, gathered since Oct 2009, have been breached and might have adversely influenced over half of the population in the USA. Conclusion: Results of this study are expected to motivate public care authorities to develop similar laws and regulations as the USA while striving for better law enforcement. It takes a considerable amount of time to educate public and it takes substantial financial resources to prevent data breaches.    


1. Brennan TA, Leape LL, Laird NM, et al (1991). Incidence of adverse events and negligence in hospitalized patients. Re-sults of the Harvard Medical Practice Study I. N Engl J Med, 324(6): 370-6.
2. Leape LL, Brennan TA, Laird N, et al (1991). The nature of adverse events in hospitalized patients. Results of the Har-vard Medical Practice Study II. N Engl J Med, 324(6):377-84.
3. Amante DJ, Hogan TP, Pagoto SL (2015). Access to care and use of the internet to search for health information: Results from the USs National Health Interview Survey. J Med Internet Res, 17(4): e106.
4. Vos T, Flaxman AD, Naghavi M (2012). Years lived with disability (YLDs) for 1160 sequelae of 289 diseases and injuries 1990-2010: a systematic analysis for the Global Burden of Disease Study 2010. Lancet, 380(9859): 2163-2196.
5. Quantin C, Bouzelat H, Allaert FA et al (1998). How to ensure data security of an epidemiological follow-up: quality as-sessment of an anonymous record link-age procedure. Int J Med Inform, 49(1): 117-122.
6. Mercuri RT (2004). The HIPAA-potamus in health care data security. Commun ACM, 47(7): 25-28.
7. Kowal B, Dymora P, Mazurek M (2016). Se-lected attacks on database systems. Rzeszow University of Technology Scientific Let-ters, 35(2): 67-77 (in Polish)
8. Ahsan S, Ahah A (2008). Data Mining, Se-mantic Web and Advanced Information Technologies for fighting terrorism. Inter-national Symposium on Biometrics and Security Technologies, 71-75.
9. Weimann G (2016). Terrorist Migration to the Dark Web. Perspectives on Terrorism, 10(3): 40-44
10. Sachan A (2012). Countering Terrorism through Dark Web Analysis. Third Inter-national Conference on Computing Communication & Networking Technol-ogies.
11. Cho YC, Pan JY (2015). Design and Im-plementation of Website Information Disclosure Assessment System. PLoS One, 10(3):e0117180.
12. Bastani P, Abolhasani N, Shaarbafchizadeh N (2014). Electronic Health in Perspective of Healthcare Managers: A Qualitative Study in South of Iran. Iran J Public Health, 43(6):809-20.
13. Rajabi F, Esmailzadeh H, Rostamigooran N, et al (2013). Future of Health Care Deliv-ery in Iran, Opportunities and Threats. Iran J Public Health, 42(Supple1): 23–30.
15. Nigrin DJ (2014). When ’hacktivists’ target your hospital. N Engl J Med, 371(5): 393-5.
16. Health information technology, 2009,
17. Crotty BH, Mostaghimi A (2014). Confiden-tiality in the digital age. BMJ, 348:g2943.
18. O’Connor J (2011). Informational privacy, public health, and state laws. Am J Public Health, 101(10): 1845-1850.
19. Redlich RM, Nemzow MA (2006). Data se-curity system and method responsive to electronic attacks. US Patent 7,146,644.
20. Juan T (2016). Risk Assessment of Comput-er Network Security in Banks. IJSIA, 10(4): 1-10.
21. Smith A, Greenbaum D, Douglas SM et al (2005). Network security and data integri-ty in academia: an assessment and a pro-posal for large-scale archiving. Genome Bi-ol, 6(9): 119.
22. Cavusoglu H, Mishra B, Raghunathan S (2004). The effect of internet security breach announcements on market value: Capital market reactions for breached firms and internet security developers. Int J Electron Comm, 9(1): 70-104.
How to Cite
W. KOCZKODAJ W, MASIAK J, MAZUREK M, STRZAŁKA D, ZABRODSKII PF. Massive Health Record Breaches Evidenced by the Office for Civil Rights Data. Iran J Public Health. 48(2):278-288.
Original Article(s)