BreachExchange mailing list archives
OCR: Data Breaches Double Since July
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Sun, 5 Dec 2010 14:39:58 -0500
http://www.healthleadersmedia.com/content/TEC-259666/OCR-Data-Breaches-Double-Since-July The number of entities reporting breaches of unsecured protected health information (PHI) affecting 500 or more individuals is close to reaching the 200 mark. As of Tuesday, November 30, the number of entities reporting breaches to the government's HIPAA privacy and security enforcer hit 197. The number of entities—listed on the Office for Civil Rights (OCR) breach notification website--has almost doubled since July, when the number hit 107. In the past five months, 90 new reports have surfaced, or an average of 18 per month, a higher pace than the 15-per-month the first five months after OCR launched the website. The list is required by HITECH, the American Recovery and Reinvestment Act of 2009 privacy subpart that includes greater breach notification requirements, more public scrutiny and increased fines for HIPAA violations. The reporting requirement is included in the interim final rule on breach notification, which became effective on September 23, 2009. The breach affecting the most individuals is still AvMed, Inc. of Florida, whose Dec. 10, 2009, breach involving a laptop affected 1.22 million individuals. Laptops are still the number one location of breach information on the list, accounting for 55 of the 197 reports (27.9%). Paper records (41 reports), desktop computers (32) and portable electronic devices (29) follow. The top five breaches with the largest number of affected individuals are: AvMed, Inc. State: Florida Approximate number of individuals affected: 1,220,000 Date of breach: Dec. 10, 2009 Type of breach: Theft Location of beached information: Laptop Blue Cross Blue Shield of Tennessee State: Tennessee Approximate number of individuals affected: 1,023,209 Date of breach: Oct. 2, 2009 Type of breach: Theft Location of breached information: Hard drives South Shore Hospital (MA) State: Massachusetts Approximate number of individuals affected: 800,000 Date of breach: Feb. 26, 2010 Type of Breach: Loss Location of Breached Information: Portable Electronic Device, Electronic Medical Record, Other Puerto Rico Department of Health State: Puerto Rico Approximate number of individuals affected: 400,000 Date of breach: Sept. 21, 2010 Type of Breach: Unauthorized access/disclosure, hacking/IT incident Location of Breached Information: Network Server Affinity Health Plan, Inc. State: New York Approximate number of individuals affected: 344,579 Date of breach: Nov. 24, 2009 Type of breach: Other Location of breached information: Other _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- OCR: Data Breaches Double Since July Jake Kouns (Dec 05)