Number of Reported Hacking and IT Breaches Affecting Health Care Records of 500 People or More

Note: In January 2015, the Office of Civil Rights (OCR) provided additional guidance to reporting entities which directed them to report some breaches as hacking or IT incidents instead of as theft as they may have previously reported.

Data Source: GAO analysis of Department of Health and Human Services data.

Source: U.S. Government Accountability Office: Electronic Health Information: HHS Needs to Strengthen Security and Privacy Guidance and Oversight