Large-Scale Data Breaches Have Increased, but Fewer Patients Affected, Report Says | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Large-Scale Data Breaches Have Increased, but Fewer Patients Affected, Report Says

February 14, 2013
by Rajiv Leventhal
| Reprints

According to a report from Carpinteria, Calif.-based Redspin Inc., a provider of IT security assessments, the number of large-scale health data breaches increased from 2011 to 2012, but the number of patients affected by such breaches decreased last year. The report, titled “Breach Report 2012, Protected Health Information,” examined a total of 538 incidents affecting over 21.4 million individuals since the interim breach notification rule under the HITECH Act went into effect in August 2009.

The report found that the number of health data breaches affecting 500 or more individuals increased from 121 in 2011 to 146 in 2012. However, the number of patient records affected by such breaches decreased from 10.6 million in 2011 to 2.4 million in 2012, according to the report.

Over half of all breaches (57 percent) have involved "business associates," third-party vendors that need access to protected health information (PHI) to provide their services to covered entities. "The recently-published HIPAA Omnibus Rule now requires business associates to comply with HIPAA privacy and security regulations directly and extends civil liability to BAs for PHI breach," said Daniel Berger, Redspin’s president and CEO. "This is a major regulatory change. But health providers should not just assume all BAs will comply—they need to be proactive, working closely with their business partners to build a secure 'chain of PHI custody.'"

Redspin also reported that the lack of encryption on laptops and other portable electronic devices is the root cause of over one-third of PHI breaches (38 percent). The company suggested that encrypting portable devices be more widely implemented and enforced given the surge in the use of personally-owned mobile devices at work.

Redspin warned that personal health records are high value targets for cybercriminals as they can be exploited for identity theft, insurance fraud, stolen prescriptions, and dangerous hoaxes—even held for ransom. Although there has been a relatively low incident rate of hacking among all PHI breaches to date, Berger said that last year's attack on the Utah Department of Health "may be the canary in the coal mine."

Topics

News

Former Michigan Governor to Serve as Chair of DRIVE Health

Former Michigan Governor John Engler will serve as chair of the DRIVE Health Initiative, a campaign aimed at accelerating the U.S. health system's transition to value-based care.

NJ Medical Group Launches Statewide HIE, OneHealth New Jersey

The Medical Society of New Jersey (MSNJ) recently launched OneHealth New Jersey, a statewide health information exchange (HIE) that is now live.

Survey: 70% of Providers Using Off-Premises Computing for Some Applications

A survey conducted by KLAS Research found that 70 percent of healthcare organizations have moved at least some applications or IT infrastructure off-premises.

AMIA Warns of Tax Bill’s Impact on Graduate School Programs in Informatics

Provisions in the Republican tax bill that would count graduate student tuition waivers as taxable income would have detrimental impacts on the viability of fields such as informatics, according to the American Medical Informatics Association.

Appalachia Project to Study Relationship Between Increased Broadband Access, Improved Cancer Care

The Federal Communications Commission and the National Cancer Institute have joined forces to focus on how increasing broadband access and adoption in rural areas can improve the lives of rural cancer patients.

Survey: By 2019, 60% of Medicare Revenues will be Tied to Risk

Medical groups and health systems that are members of AMGA (the American Medical Group Association) expect that nearly 60 percent of their revenues from Medicare will be from risk-based products by 2019, according to the results from a recent survey.