Since federal reporting requirements kicked in, the U.S. Department of Health and Human Services (HHS)' database of major breach reports have affected some 30.1 million patients spanning over 944 incidents, according to recent analysis in the Washington Post's "Wonkblog."
The blog, written by health policy reporter Jason Millman, comes soon after the Franklin, Tenn.-based Community Health Systems, Inc. acknowledged that the personal data of approximately 4.5 million patients was stolen by hackers from its computer network earlier this year.
A majority of those 30.1 million records are tied to theft (17.4 million people), followed by data loss (7.2 million people), hacking (3.6 million) and unauthorized access accounts (1.9 million people), according to a Washington Post analysis of HHS data. These numbers don't include the Community Health Systems data breach.
There are also many more incidents of smaller-scale breaches. In 2012, for example, HHS received 21,194 reports of smaller breaches affecting 165,135 people, according to the department's most recent report to Congress. Similar numbers were reported in 2011. In all, data breaches cost the industry $5.6 billion each year, estimates the Ponemon Institute, a security firm.
What’s more, recent analysis from legal firm Fox Rothschild LLP has found that the number of major data breaches reported has increased from 239 to 885 in less than a year. The most common breach type is theft; 430 of the 885 list breaches reported the breach type to involve “theft” of all kinds, including laptops, other portable electronic devices, desktop computers, network servers, paper records and others, according to the law firm.