data.frame of cyber security breaches involving
health care records of 500 or more humans reported to
the U.S. Department of Health and Human Services (HHS)
as of June 27, 2014.
data(breaches)data.frame with 1055 observations on the
following 24 variables:
factor giving the name of the entity
experiencing the breach
integer number of humans whose records
were compromised in the breach. This is 500 or greater;
U.S. law requires reports of breaches involving 500 or
more records but not of breaches involving fewer.
character vector giving the date or date
range of the breach. Recodes as Dates in
breach_start and breach_end.
factor with 29 levels giving the type of
breach (e.g., "Theft" vs., "Unauthorized
Access/Disclosure", etc.)
factor with 41 levels coding the
location from which the breach occurred (e.g., "Paper",
"Laptop", etc.)
Date the information was posted to the HHS
data base or last updated.
character vector of a summary of the
incident.
Date of the start of the incident = first
date given in Date_of_Breach above.
breach_end
Date of the end of the incident or NA if
only one date is given in Date_of_Breach above. year
integer giving the year of the breach | Number | Name of Covered Entity | Corrections |
| 45 | Wyoming Department of Health | |
| Cause of breach was missing. Added "Unauthorized | ||
| Access / Disclosure" per smartbreif.com/03/29/10 | 55 | Reliant Rehabilitation Hospital North |
| Cause of breach was missing. Added "Unauthorized |
|
Houston |
| Access / Disclosure" per Dissent. "Two Breaches | ||
| Involving Unauthorized Access Lead to Notification." | ||
| PHIprivacy.net. N.p., 20 Apr. 2010. | 123 |
Aetna |
| Cause of breach was missing. Added Improper | ||
| disposal per Aetna.com/news/newsReleases/2010/0630 | 157 | Mayo Clinic |
| Cause of breach was missing. Added Unauthorized | ||
| Access/Disclosure per Anderson, Howard. "Mayo Fires | ||
| "Employees in 2 Incidents: Both Involved | ||
| Unauthorized Access to Records." | ||
| Data Breach Today. N.p., 4 Oct. 2010 | 341 | Saint Barnabas MedicL Center |
| Misspelled "Saint Barnabas Medical Center" | 347 | Americar Health Medicare |
| Misspelled "American Health Medicare" | 484 | Lake Granbury Medicl Ceter |
| Misspelled "Lake Granbury Medical Center" | 782 | See list of Practices under Item 9 |
| Replaced name as "Cogent Healthcare, Inc." checked | ||
| from XML and web documents | 805 | Dermatology Associates of Tallahassee |
| Had 00/00/0000 on breach date. This was crossed | ||
| check to determine that it was Sept 4, 2013 with 916 records | 815 | Santa Clara Valley Medical Center |
| Mistype breach year as 09/14/2913 corrected as 09/14/2013 | 961 | Valley View Hosptial Association |
| Misspelled "Valley View Hospital Association" | 1034 |
Bio-Reference Laboratories, Inc. |
| Date changed from 00/00/000 to 2/02/2014 as | ||
| subsequently determined. | Number | Name of Covered Entity |
HHSCyberSecurityBreaches for a version of
these data downloaded more recently. This newer version
includes changes in reporting and in the variables included
in the data.frame.
data(breaches)
quantile(breaches$Individuals_Affected)
# confirm that the smallest number is 500
# -- and the largest is 4.9e6
# ... and there are no NAs
dDays <- with(breaches, breach_end - breach_start)
quantile(dDays, na.rm=TRUE)
# confirm that breach_end is NA or is later than
# breach_start
Run the code above in your browser using DataLab