Data breaches an ever-present worry for physicians
Posted: Oct 10, 2011
By PAMELA LEWIS DOLAN, amednews staff.
Health care represented a smaller proportion of major data breaches investigated by a corporate investigation team and the U.S. Secret Service in 2010.
However, Verizon Business said even though health care dropped to 1% from 3% of all breaches included in the report, the number of breaches actually went up. That’s because, overall, the number of breaches reported to Verizon and the Secret Service jumped to 761 from 141 the previous year.
More disturbing for physician practices, Verizon said, is that in 2010 outside hackers tended to attack smaller organizations in hopes that their information was more vulnerable. Though the number of incidents increased, there was a massive decrease in the number of documents involved in those breaches — down from 144 million in 2009 to 4 million in 2010. The most common targets were hospitality (40%), retail (25%) and financial services (22%) (http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2011_en_xg.pdf).
The breaches included in the Verizon Data Breach Investigation Report were confirmed cases reported to and investigated by Verizon. The report also included breach cases investigated separately by the Secret Service, which provided numbers to Verizon for the report.
The report’s totals on health care do not represent all data breaches disclosed, by law, to the Dept. of Health and Human Services Office for Civil Rights. The report includes only those breaches reported to Verizon and the Secret Service by individuals or businesses seeking an investigation that will lead to prosecution.
The 2009 Health Information Technology for Economic and Clinical Health Act requires health care organizations experiencing a breach affecting 500 or more people to report the incident. In 2010, 207 breach incidents that included more than 5 million records were reported to HHS. There were 46 incidents reported in 2009 from September to the end of December (http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool).
The majority of those cases involve “data at risk,” meaning data is missing but a criminal investigation has not been launched.
Source: American Medical Association