Security Report: Massive Increase in Data Breaches

Feb 7, 2014

A new data security report issued by healthcare IT security firm Redspin suggests the number of data breaches made known to the U.S. Department of Health and Human Services has increased by 138% over the course of the past year.

The final figures could be higher still, as the report only includes data breaches reported by HIPAA-covered organizations that affected more than 500 people. Incidents in which data is compromised and fewer than 500 individuals are affected do not need to be a matter of public record and are therefore not contained in the report. Even with the strict reporting criteria under the HIPAA Security Rule, many incidents involving data breaches are not reported, according to industry representatives.

The total number of people affected by data breaches is currently thought to be around 29.3 million, although the actual number of victims could be far higher. The Director of Privacy and Security at HIMSS estimated the actual number of victims to be in the region of 40 to 45 million back in 2012.

Even when incidents are made known to the relevant authorities, not all of the complaints are successfully settled. The OCR has been unable to resolve 5,447 cases of suspected HIPAA violations, and 53,000 out of the 90,000 complaints it has received resulted in cases being settled. This is not because there was no HIPAA breach, but due to other issues such as withdrawn complaints or a lack of jurisdiction to follow up on possible security breaches and procedural failures.

While attacks by hackers are on the rise, the Redspin report attributed just 65 of the data breaches to hackers, 22 percent to unauthorized access and 35 percent to stolen laptops and computers containing encrypted data. Eighty-three percent of all large breaches involved the theft of devices, according to data contained in the report.

Over previous years, the efforts of healthcare companies have had a positive effect in reducing unauthorized access and data theft. However, businesses are a particular security weak point: they were involved in the majority of large data breaches occurring between 2009 and 2012, although over the past year they have only been involved in ten percent of all data breaches reported.

While not every security breach can be stopped, organizations can take a number of steps to limit the chance for cybercriminals to gain access to data. Education of the staff is important, and robust data encryption software can stop data from being compromised. A regular risk inspection must be carried out to ensure that security holes are quickly discovered and plugged as, according to the OCR, it is the lack of a thorough risk assessment which leads to most data breaches.

The OCR is planning on approving random audits to test for HIPAA compliance, and there is expected to be a dramatic rise in both the number of HIPAA violations uncovered and the number of HIPAA sanctions issued by the OCR. To date, out of the 90,000 complaints received, only 17 have led to financial penalties being applied.


Patrick Kennedy
