10 Key Findings from HHS' Latest Data Breach Report

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.beckershospitalreview.com/healthcare-information-technology/10-key-findings-from-hhs-latest-data-breach-report.html

HHS has released its latest data breach report to Congress, summarizing
breaches of unsecured protected health information for 2011 and 2012.

Here are 10 key findings from HHS' report.

1. Between 2011 and 2012, HHS received 458 reports of data breaches
affecting 500 or more individuals. In total, approximately 14.69 million
individuals were affected by breaches during those two years.

2. The number of data breaches affecting more than 500 people in 2011 and
2012 accounts for 64.5 percent of all data breaches affecting more than 500
people since the required reporting began in September 2009.

3. Theft was the most common cause of reported data breaches, accounting
for 53 percent of all breaches, followed by unauthorized access or
disclosure at 18 percent.

4. The largest number of individuals affected by data breaches was also
connected with breaches due to theft, at 36 percent of all affected.

5. In 2012, 68 percent of breaches affecting 500 individuals or more
occurred at healthcare providers. Twenty-five percent occurred at
healthcare business associates and 7 percent occurred at health plans.

6. The majority of compromised protected health information was stored on
laptop computers (27 percent). Twenty-three percent was on paper, 13
percent was on a network server, 12 percent was on a desktop computer and 9
percent was on a portable electronic device.

7. In 2012, there were 21,194 reported breaches affecting fewer than 500
individuals. Such data breaches affected a total of 165,135 individuals.

8. Of data breaches affecting fewer than 500 individuals in 2012, 83
percent took place at a healthcare provider and 17 percent took place at a
health plan.

9. Breaches involving 500 or more individuals in 2011 and 2012 contributed
to 0.97 percent of reports, but accounted for 97.89 percent of affected
individuals.

10. The Office of Civil Rights opened investigations into all the 458
reported breaches affecting 500 individuals or more. At time of publication
of the report, HHS has entered agreements totaling more than $8 million in
settlements.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!