Skip to main content

Reported data breaches - 2015, HHS

In 2016, the Office of Civil Rights at Health and Human Services is expected to conduct HIPAA Phase 2 audits at about 350 Covered Entities. They will check to see that a robust security policy is in place. For more details, see our post about these audits.

The U.S. Department of Health and Human Services, Office of Civil Rights, maintains a database of data breaches of protected health information affecting 500 or more individuals. The table we provided on this page is a summary of a search of the database for breach records pulled for 2015 as of December 28, 2015. It is often the case that HHS will post additional breach reports for previous years as the information comes available, so the number of breaches and affected individuals may rise.

Type of Reported Breach
Jan 1, 2015 - Dec 28, 2015
Individuals Affected Covered Entities Impacted
Hacking/IT Incident 111,803,342 56
Improper Disposal 76,226 5
Loss 47,214 22
Theft 702,288 74
Unauthorized Access/Disclosure 570,017 96
Grand Total 113,199,087 254

You can search the database yourself at: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf. The organizations that make up the 22 "losses" that caused potential data breaches are listed here:

Name of Covered Entity State
New Dimension Group, LLC NC
Dean Health Plan WI
Children's Hospital Medical Center of Akron OH
Cancer Care Northwest WA
Lawrence General Hospital MA
Sioux Falls VA Health Care System SD
The McLean Hospital Corporation MA
OhioHealth OH
Maricopa Special  Health Care District - Maricopa Integrated Health System AZ
Amsterdam Nursing Home Corporation (1992) NY
Ventura County Health Care Agency CA
Walgreen Co. IL
Clinical Reference Laboratory, Inc. KS
CompuNet Clinical Laboratories OH
New York State Office of Mental Health Nathan S. Kline Institute for Psychiatric Research NY
Pediatric Associates FL
Life Care Center of Attleboro MA
Community Health Network IN
Valley COmmunity Healthcare CA
Clinical Reference Laboratory, Inc. KS
Haywood County NC NC
Tomas, Arturo IL


Cascade also maintains a list of data breaches related to poorly managed IT Asset Disposition programs. If you want justification for managing a comprehensive and effective data destruction program, use this information to support your position.