[BreachExchange] OCR’s 'wall of shame' just cracked 2,000 data breaches. Here’s how reporting has changed since 2009

Audrey McNeil audrey at riskbasedsecurity.com
Thu Aug 10 20:01:37 EDT 2017


http://www.fiercehealthcare.com/privacy-security/ocr-s-wall-shame-just-cracked-2-000-data-breaches-here-s-how-reporting-has-changed

More than 2,000 data breaches have been reported to the Department of Health
and Human Services since 2009, when the HITECH Act began requiring the
agency to post breaches on a public web portal.

But a lot has changed since the agency posted that first breach, according
to Healthcare Info Security, which analyzed all 2,018 breaches.

For one, reporting has ramped up considerably. It took almost five years
for the so-called “wall of shame” to reach 1,000 breaches, compared with
just three years to reach the second thousand. In recent years, the HHS
Office for Civil Rights has made an effort to hold healthcare organizations
accountable for reporting breaches within 60 days.

While poor encryption practices made up the majority of breach reports
early on, hacking accounts for more than 40% of the breaches from the last
two years that are currently under investigation. Hacking has also
implicated far more patient records, accounting for 75% of compromised
records.

“The big takeaway here is that phishing is a successful way to get inside
healthcare facilities,” Susan Lucci, chief privacy officer and senior
consultant at the security consultancy firm Just Associates, told
Healthcare Info Security.

HHS recently updated the data breach portal, separating data breaches that
have occurred over the last two years and are still under investigation
from those that are older than two years or have been resolved.

Data breaches reported so far this year are on pace to surpass last year’s
total, which was seen as a banner year for healthcare breaches. More than
230 breaches have been reported so far this year, accounting for more than
3.1 million patient records.