I recently came across a great blog post by Danika Brinda on the TriPoint Healthcare Solutions blog that looked at the HIPAA Breach statistics. I guess Danika is a nerd like me and enjoys looking at the HIPAA breach statistics. Here’s some of her high level findings from the latest HHS reports:
- A total of 1,293 Data Breaches have been reported since September 2009
- Paper is still the #1 location (media type) of data breaches – 23% of total breaches involving greater than 500 individuals
- Theft and Loss make up 59% of types of data breaches
- Data hacking only makes up 10% of all data breaches where greater than 500 individuals were impacted
- Business Associates are responsible for 22% of data breaches greater than 500 individuals
You can go check out her blog post for other findings and a number of charts using the data.
I think the stats above paint a very different picture than what most would expect. Many like to pretend that somehow breaches weren’t really an issue on paper. The stats above definitely say otherwise. I was also shocked that 59% of breaches were from theft of loss. Although, I wonder if more of those are reported, because it’s not as shameful to have something stolen from you as maybe some other violation which illustrates your negligence.
What wasn’t surprising to me was the increase in business associates that were responsible for the breach. I believe that number will continue to increase and increase dramatically. Many healthcare organizations don’t have a good grip on the HIPAA compliance of their business associates and I think they’re going to get blind sided by breaches.
What do you think of this data? Anything stand out to you?