Feb 13, 2013

Redspin breaks down and analyzes the 2012 HHS breach data, here.  Some of their statistics:

21.5% increase in # of large breaches in 2012 over 2011 but… a 77% decrease in # of patient records impacted 

Comment: the pattern of increased number of breaches but decreased number of records impacted is consistent with what we found overall in 2012 in Data Breach QuickView: An Executive’s Guide to Data Breach Trends in 2012.

67% of all breaches have been the result of theft or loss

Comment: this appears significantly different than the QuickView report, which found that hacking accounted for over 68% of all breaches, ignoring sector. Some of the discrepancy may be due to hackers not attempting to target the healthcare sector as much as they do the retail/business sector, but some may also be due to the fact that when reporting incidents to HHS, some covered entities may report hacks as “theft” from a network server.

Also different: while business associates accounted for 57% of exposed records in the HHS breach tool, the QuickView report found that business associate/third party breaches only accounted for 6.2% of the exposed records.

And there’s more, of course. Redspin is only analyzing HHS reports based on HHS’s breach tool whereas QuickView has a broader sample and is global. But the Redspin data reminds covered entities that the security employed by business associates is critically important in protecting patient data.
