More than 7.8 million people had their healthcare information compromised in 252 major data breaches during a 15-month period in 2009 and 2010, according to a recent report to Congress by the Department of Health and Human Services (HHS).
About half of the major breaches
affecting more than 500 people were the result of theft, including
stolen electronic equipment such as network components, laptops or hard
drives. The largest reported theft affected 1.9 million people, HHS said in its report.
This involved the theft of back-up tapes that contained electronic
medical records as they were being transported by a vendor to the
vendor’s site.
Of the 99 reported incidents of theft in 2010, 42 involved the theft of laptops. The majority of the incidents involved thefts of laptops onsite while a few incidents involved offsite theft, such as theft of a laptop from an employee’s car. Twenty-one incidents involved theft of desktop computers from onsite locations.
Fourteen incidents were reported as theft of “portable electronic device/other”, which were predominately stolen smartphones and flash drives. Finally, seven incidents were reported as thefts of more than one device, such as a laptop and a desktop computer or a desktop computer and network drive, and five incidents involved theft of a network server.
Other reported data breach incidents involved intentional unauthorized access to, use, or disclosure of protected health information; human error; loss of electronic media or paper records containing protected health information; and improper disposal of records.
The HHS report looked at data breaches that occurred between Sept. 23, 2009, when notification requirements under the Health Information Technology for Economic and Clinical Health Act (HITECH) Act went into effect, and Dec. 31, 2010.
Of the 99 reported incidents of theft in 2010, 42 involved the theft of laptops. The majority of the incidents involved thefts of laptops onsite while a few incidents involved offsite theft, such as theft of a laptop from an employee’s car. Twenty-one incidents involved theft of desktop computers from onsite locations.
Fourteen incidents were reported as theft of “portable electronic device/other”, which were predominately stolen smartphones and flash drives. Finally, seven incidents were reported as thefts of more than one device, such as a laptop and a desktop computer or a desktop computer and network drive, and five incidents involved theft of a network server.
Other reported data breach incidents involved intentional unauthorized access to, use, or disclosure of protected health information; human error; loss of electronic media or paper records containing protected health information; and improper disposal of records.
The HHS report looked at data breaches that occurred between Sept. 23, 2009, when notification requirements under the Health Information Technology for Economic and Clinical Health Act (HITECH) Act went into effect, and Dec. 31, 2010.
0 comments:
Post a Comment