HHS Website Lists 931 Data Breaches Affecting More Than 30.6M
April 1, 2014 in News
Between September 2009 and March 28, there were more than 900 large health data breaches, affecting more than 30.6 million U.S. residents, GovInfoSecurity reports.
HHS has been tracking data breaches since September 2009, when the HIPAA breach notification rule went into effect. The agency reports health information breaches affecting more than 500 individuals on its “wall of shame” website.
Details of Breaches
The website currently lists 931 breaches that have affected 30.6 million residents.
Lost or stolen devices that were unencrypted account for the majority of the breaches on the wall, according to Gov Info Security.
Meanwhile, about 25% of the breaches involved business associates. That number is expected to grow in the coming months as more vendors are considered business associates under the HIPAA Omnibus Rule, which went into effect in 2013.
Dan Berger — CEO of Redspin, an IT security assessment firm — said that “business associates often have a more difficult task in securing [personal health information] than providers,” adding, “Thus, the surface area for potential breaches is greater.”
However, Berger added, “We are seeing very encouraging signs that large business associates are taking HIPAA compliance seriously and conducting risk assessments” (Kolbasuk McGee, Gov Info Security, 3/31).