U.S. Healthcare Data Breach Visualization
Problem:
Healthcare organizations face significant challenges in safeguarding patient data amid the constantly evolving threat of cyberattacks. A data breach could result not only in reputational damage and legal consequences but also in harm to patients. Healthcare organizations need to conduct regular risk assessments to identify potential vulnerabilities and threats to patient data security and develop data security strategies to mitigate those
risks.
Solution:
The use of a visualization tool may be effective for healthcare organizations to enhance their security systems and safeguard patient data. This visualization tool will showcase health data breaches reported to the U.S. Department of Health and Human Services that are currently under investigation by the Office for Civil Rights. The attributes that will be visible are the name of the state, the state where the breach occurred, the number of breaches by breach type, the type of breach, the location of the breach information, and the year of the breach. This can be used to identify connections with states that have experienced data breaches, allowing healthcare organizations to conduct more targeted risk assessments and develop more effective data security strategies.
Use Case:
A healthcare organization is taking proactive steps to enhance its security system and safeguard patient data. They recognize that a data breach could result not only in reputational damage and legal consequences but also in harm to their patients. They plan to use a visualization tool to identify any connections with states in the United States that have experienced data breaches. By doing so, they can assess the potential impact on their own systems and procedures and develop strategies to mitigate any risks. This would not only help them to comply with privacy regulations but also increase trust with their patients. In addition to being a useful tool for healthcare organizations, the visualization tool could also be relevant to healthcare users who are choosing a healthcare entity in a region of the United States. They could use the tool to view the states affected by data breaches or information exposure. By seeing this information, users can make an informed decision about whether they feel comfortable entrusting their data to an organization based in a specific state or whether they should consider an alternative.
Data:
The data were collected by the U.S. Department of Health and Human Services, which is currently under investigation by the Office for Civil Rights. The original dataset can be found at this link: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf. The U.S. Department of Health and Human Services is a federal agency that promotes the well-being and health of all Americans by supporting services that emphasize the science underlying medicine, public health, and social services. The data list breaches reported within the last 24 months that affected 500 or more individuals and involved unsecured health information. It shows the name of the covered entity (the organization or company affected by a data breach), the type of covered entity, and the type of breach. Additionally, the state, the date of the submitted breach, and the number of individuals affected are shown.
Design Process:
Breaches will be displayed geographically on a U.S. map. The states will be color-coded using a gradient to indicate how many people were affected by breaches (the darker the hue, the more people were affected, and vice versa). When a user hovers over a state, the state highlights, and its individual breaches pop up and enlarge as circles with pointers to the state. Each circle will contain more details about the breach, such as the organization, the type of breach, what was breached, and the number of people affected. The size of these circles reflects how many people were affected (the bigger the circle, the more people were affected, and vice versa). The user can also select the type of breach they want to see, and the visualization will update accordingly. A separate view will display a scatter plot of the breach date and the number of people affected. When a user hovers over a state, the points in the scatter plot that correspond to breaches in that state will change color.
Final Design:
This visualization shows the number of HIPAA data breaches in the United States from 2021 to 2023. It contains an interactive United States map linked to a bar chart showing the number of HIPAA data breaches by type: hacking/IT incident, unauthorized access/disclosure, theft, improper disposal, or loss. The bar chart includes a filter that lets the user click a year from 2021 to 2023 to view the data for that state.
How to use the visualization:
1) Click on any state in the United States map, which will then be highlighted from blue to red.
2) Once a state is selected, scroll down to the bar chart and clean on a year from the filter buttons.
3) Once a filter button is selected, you will be able to see the number of data breaches by data breach type for that year and specific state.
4) Since the data is updated by year, you can click on other filter buttons to see the data for another year.
If a user wants to see the data for another state, they can return to the United States map and click on another state. Once another state is selected, the user can repeat the steps by going to the bar chart and clicking a filter button to view the data for that specific year. If a user wants to see the number of HIPAA breaches by type for the United States as a whole, the user can click any blank area or any spot outside the United States map, scroll down to the bar chart, and click the filter button. This would allow the user to see the number of HIPAA breaches by type in the United States for each year from 2021 to 2023.
​
​
