In this study, the relationship between data breach characteristics and the number of individuals affected by these violations was considered. Data were acquired from the Department of Health and Human Services breach reporting database and analyzed using SPSS. Regression analyses revealed that the hacking/IT incident breach type and network server breach location were the most significant predictors of the number of individuals affected; however, they were not predictive when combined. Moreover, network server location and unauthorized access/disclosure breach type were predictive when combined. Additional analyses of variance revealed that covered entity type and business associate presence were significant predictors, while the geographic region of a breach occurrence was insignificant. The results of this study revealed several associations between healthcare breach characteristics and the number of individuals affected, suggesting that more individuals are affected in hacking/IT incidents and network server breaches independently and that network server breach location and unauthorized access/disclosure breach type were predictive in combination.
Keywords: breach portal; cyber-analytics; data breach; protected health information; security; security modeling.