The number of large data breaches under the Health Insurance Portability and Accountability Act (HIPAA) that have been reported to the U.S. Department of Health and Human Services (HHS) has increased from 239 to 885 in less than a year, according to legal firm Fox Rothschild LLP.
The largest protected health information (PHI) breach added to HHS’ "wall of shame" (affecting 500 or more individuals) since late June is a hacking incident at the Montana Department of Health and Human Services.
It took more than three years between the inception of the HHS list on March 4, 2010 and August 13, 2013, to reach 646 postings, for an annualized average of approximately 189 postings per twelve-month period. In less than twelve months from August 13, 2013 to July 29, 2014, 239 more have joined the list.
The most common breach type is theft; 430 of the 885 list breaches reported the breach type to involve “theft” of all kinds, including laptops, other portable electronic devices, desktop computers, network servers, paper records and others, according to the law firm.
Grand Prairie, Texas-based Rainbow Children's Clinic was the victim of a ransomware attack on its IT systems in August, affecting more than 33,000 patients, according to multiple news media reports this week.