Report: Electronic Health Information Under Attack

Redspin report finds two-thirds of all records breached resulted from laptops or other portable media devices

February 10, 2011

2 Min Read

PRESS RELEASE

CARPINTERIA, Calif., Feb. 9, 2011 /PRNewswire/ -- Redspin, a leading provider of HIPAA risk analysis and IT security assessment services, today released an analysis of all protected health information breaches publicly recorded between August 2009 and the end of 2010, as per the interim final breach notification of the HITECH Act. The findings were based on 225 security breaches affecting 6,067,751 individuals.

Redspin's analysis focuses on single breaches affecting more than 500 people. Such large scale breaches must be reported on a timely basis to individuals, the media and the HHS Secretary according to the HHS Office of Civil Rights' regulations. The regulations also require business associates of covered entities to notify the covered entity of such breaches at or by the business associate.

Selected findings from the report include:

-- 43 states, D.C. and Puerto Rico have suffered at least one breach affecting over 500 individuals. -- ~27,000 individuals, on average, are affected by a breach. -- 78% of all records breached are the result of 10 incidents, five of which are the result of theft of common storage media e.g. desktop computers, network servers, and portable devices. -- 61% of breaches are a result of malicious intent. -- ~66,000 individuals, on average, are affected by a single breach of portable media. -- 40% of records breached involved business associates.

"Redspin is committed to helping covered entities and business associates properly safeguard private health information," said John Abraham, President and CEO of Redspin. "We hope that by highlighting these findings we can help healthcare organizations proactively address areas of highest risk."

A full copy of the report is available at http://www.redspin.com

About Redspin, Inc.

Redspin delivers comprehensive security testing, risk management and compliance solutions. For hospitals and other covered entities, Redspin provides HIPAA risk analysis and IT security assessment services that meet the security requirements of the EHR meaningful use incentive program. Most importantly, Redspin helps keep protected health information safe and critical IT systems secure. The company's expertise, objectivity and business acumen have made Redspin a trusted partner to healthcare and other industries for over a decade.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars

Editor's Choice

The words "zero-day" written in a line of code on a computer screen
Application Security
Microsoft NTLM Zero-Day to Remain Unpatched Until AprilMicrosoft NTLM Zero-Day to Remain Unpatched Until April
byJai Vijayan, Contributing Writer
Dec 9, 2024
3 Min Read
A glowing purple and pink key, with dots and numbers in the background
Cyber Risk
Symmetrical Cryptography Pioneer Targets the Post-Quantum EraSymmetrical Cryptography Pioneer Targets the Post-Quantum Era
byKristina Beek, Associate Editor, Dark Reading
Dec 11, 2024
3 Min Read
A patchwork quilt
Application Security
Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch TuesdayMicrosoft Fixes Active Zero-Day, Critical RCEs on Patch Tuesday
byTara Seals, Managing Editor, News, Dark Reading
Dec 10, 2024
5 Min Read
Reports
More Reports
Webinars
More Webinars
White Papers
More Whitepapers