Large Scale Hacking Attacks Dominate 2015 Statistics. Over 100 Million Patient Records Affected

Redspin has released its Breach Report 2015: Protected Health Information (PHI). The annual report, now in its sixth year, provides in-depth analysis of the causes of PHI breaches reported to the Department of Health and Human Services (HHS).

Unlike previous years, hackers were the leading cause of PHI breach in 2015 by an overwhelming margin. Hacking attacks factored in 9 of the 10 largest breach incidents of the year and those incidents led to the compromise of 98.1% of all patient records breached in 2015. "Healthcare organizations are under attack," said Daniel W. Berger, President of Redspin. "For those entrusted to protect patient data, the security challenges are now that much more difficult."

Protected health information commands a high value on the black market. It is rich in demographics and other highly sensitive information such as patient diagnoses, insurance information, and prescriptions. Unlike credit card numbers, once PHI is stolen it is not cancellable or recoverable. In the wrong hands, it can result in medical ID theft and fraud. 

Redspin reports that "phishing" -- tricking employees into disclosing their login ID's and passwords through fraudulent emails or other methods -- played a role in many of the 2015 hacking attacks. Once the malicious hackers have network credentials, they locate and pilfer PHI databases. "Phishing attacks exploit natural human tendencies like curiosity and helpfulness, often with devastating consequences," added Berger.

A copy of Redspin's "Breach Report 2015: Protected Health Information (PHI)" can be downloaded at:

back to top