I was browsing the website of breaches reported to HHS today to see what types of breaches are a common trend, and what is being reported. I found some interesting statistics.
From January 1, 2009 to today, there were 1105 total breaches reported. 721 of those breaches reported to HHS were caused by theft. I’m not too surprised by this. Out of that 721 breaches, 292 were stolen laptops, 128 were stolen desktop computers, 148 were stolen paper/films.
Other Breaches Reported
155 were a hacking/IT incident, 54 were improper disposal, and 347 were unauthorized access/disclosure.
Out of the 1105 breaches, 770 of them were reported by a Healthcare Provider, while 4 were reported by a Healthcare Clearing House, and 118 were reported by a Health Plan. As required, all of these breaches involve more than 500 patients. A couple of the largest breaches were CareFirst BCBS of 1.1 million patients, Anthem which had 7.8 million and Premera BC with over 1.1 million to name a few. Most of the healthcare providers involved anywhere from 500 patients to 40,000 patients.
Not all breaches make it to the HHS wall of shame, and not all breaches need to be reported to HHS.
You don’t want to make it to the wall. The worst thing you can do if you have a breach is NOT report it. That in itself is a violation. If you have a breach, report it asap. Don’t be the practice that tries to hide it. It will end up costing you later.