U.S. Healthcare Data Breach Visualization

Problem: Healthcare organizations face significant challenges in safeguarding patient data due to the constantly evolving threat of cyberattacks. A data breach could not only result in reputational damage and legal consequences but also cause harm to patients. Healthcare organizations need to conduct regular risk assessments to identify potential vulnerabilities and threats to patient data security and develop data security strategies to mitigate those
risks.

Solution: The use of a visualization tool may be effective for healthcare organizations to enhance their security systems and safeguard patient data. This visualization tool will showcase health data breaches reported by the U.S. Department of Health and Human Services that are currently being investigated by the Office for Civil Rights. Attributes that will be visible are the name of the state, the state where the breach occurred, the number of breaches
by breach type, the type of breach, the location of breach information, and the year of the breach. This can be used to identify connections with states that have experienced data breaches, allowing healthcare organizations to conduct more targeted risk assessments and develop more effective data security strategies.

Use Case: A healthcare organization is taking proactive steps to enhance its security system and safeguard patient data. They recognize that a data breach could not only result in reputational damage and legal consequences but also cause harm to their patients. They plan to use a visualization tool to identify any connections with states in the United States that have experienced data breaches. By doing so, they can assess the potential impact on their own systems and procedures and develop strategies to mitigate any risks. This would not only help them to comply with privacy regulations but also increase trust with their patients. In addition to being a useful tool for healthcare organizations, the visualization tool could also be relevant to healthcare users who are choosing a healthcare entity in a region of the United States. They could use the tool to view the states that have been affected by data breaches or information exposure. By seeing this information, users could make an informed decision about whether they feel comfortable entrusting their data
to an organization based in a specific state or whether they should consider an alternative option.

Data: The data was collected by the U.S. Department of Health and Human Services, which is currently being investigated by the Office for Civil Rights. The original dataset can be found at this link: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf . The U.S. Department of Health and Human Services is a sector of the United States government that promotes the well-being and health of all Americans by supporting services that emphasize the science behind medicine, public health, and social services. The data demonstrates a list of data breaches reported within the last 24 months that have affected 500 or more individuals with unsecured health information. It shows the name of the covered entity, also known as the organization or company that was affected by a data breach, the type of covered entity, and the type of breach. Additionally, the state, the date of the submitted breach, and the number of individuals affected are shown.

Design Process: Breaches will be displayed geographically on a U.S. map. The states will be color-coded using a gradient to distinguish how many people were affected by breaches (the darker the hue is, the more people were affected, and vice versa). When a user hovers over a state, the state will highlight, and its individual breaches will pop up and enlarge as circles with pointers to the state. Each circle will contain more details about the breach, such as the organization, the type of breach, what was breached, and the number of people affected. The size of these circles will reflect how many people were affected (the bigger the circle is, the more people were affected, and vice versa). The user can also select the type of breach they want to see, and the visualization will update accordingly. A separate view will display a scatter plot plotting the date of the breach and the number of people affected. When a user hovers over a state, the points on the scatter plot that coordinate
with the breaches present in that state will change color.

Final Design: Final Design: This visualization is designed to show the number of HIPAA data breaches in the United States from 2021-2023. It contains an interactive United States map that is linked to a bar chart that shows the number of HIPAA data breaches by the type of data breach, which is either a hacking/IT incident, unauthorized access/disclosure, theft, improper disposal, or loss. The bar chart contains a filter that allows the user to click on a year from 2021-2023 to see the data for a state in that year.

How to use the visualization:

1) Click on any state in the United States map which will then be highlighted from blue to red.
2) Once a state is selected, scroll down to the bar chart and clean on a year from the filter buttons.
3) Once a filter button is selected, you will be able to see the number of data breaches by data breach type for that year and specific state.
4) Since the data is updated by year, you can click on other filter buttons to see the data for another year.

If a user wants to see the data for another state, they can return to the United States map and click on another state. Once another state is selected, the user would repeat the steps by going to the bar chart and clicking on a filter button to see the data for that specific year. If a user wants to see the number of HIPAA breaches by type for the United States as a whole, the user could click on any whitespace or any spot outside of the United States map, scroll
down to the bar chart, and click on a filter button. This would allow the user to see the number of HIPAA breaches by type for the United States in general for each year from 2021-2023.