BreachExchange mailing list archives
10 Key Findings from HHS' Latest Data Breach Report
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 18 Jun 2014 19:17:47 -0600
http://www.beckershospitalreview.com/healthcare-information-technology/10-key-findings-from-hhs-latest-data-breach-report.html HHS has released its latest data breach report to Congress, summarizing breaches of unsecured protected health information for 2011 and 2012. Here are 10 key findings from HHS' report. 1. Between 2011 and 2012, HHS received 458 reports of data breaches affecting 500 or more individuals. In total, approximately 14.69 million individuals were affected by breaches during those two years. 2. The number of data breaches affecting more than 500 people in 2011 and 2012 accounts for 64.5 percent of all data breaches affecting more than 500 people since the required reporting began in September 2009. 3. Theft was the most common cause of reported data breaches, accounting for 53 percent of all breaches, followed by unauthorized access or disclosure at 18 percent. 4. The largest number of individuals affected by data breaches was also connected with breaches due to theft, at 36 percent of all affected. 5. In 2012, 68 percent of breaches affecting 500 individuals or more occurred at healthcare providers. Twenty-five percent occurred at healthcare business associates and 7 percent occurred at health plans. 6. The majority of compromised protected health information was stored on laptop computers (27 percent). Twenty-three percent was on paper, 13 percent was on a network server, 12 percent was on a desktop computer and 9 percent was on a portable electronic device. 7. In 2012, there were 21,194 reported breaches affecting fewer than 500 individuals. Such data breaches affected a total of 165,135 individuals. 8. Of data breaches affecting fewer than 500 individuals in 2012, 83 percent took place at a healthcare provider and 17 percent took place at a health plan. 9. Breaches involving 500 or more individuals in 2011 and 2012 contributed to 0.97 percent of reports, but accounted for 97.89 percent of affected individuals. 10. The Office of Civil Rights opened investigations into all the 458 reported breaches affecting 500 individuals or more. At time of publication of the report, HHS has entered agreements totaling more than $8 million in settlements.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- 10 Key Findings from HHS' Latest Data Breach Report Audrey McNeil (Jun 25)