Data breaches impact more uses in 2011 according to analysis of data
Self-reporting of breaches is a requirement for businesses under the Health Information Technology for Economic and Clinical Health Act (HITECH) which is an expansion of HIPAA. In one analysis of the data almost twice as many people were affected by data breaches in 2011 as in 2010. The analysis showed that the total number of breaches dropped by 32% to 145 but the number of people affected by those breaches doubled to 10.8 million.
The increase in the number of people affected by breaches signals that individual incidents are more users.
The data shows that California had the highest number of breaches in 2011 with 15, followed by Texas (11), Illinois (8), Florida (7), and New Jersey (7).
The causes are:
- Theft – 52%
- Unauthorized access – 22%
- Loss – 11%
- Hacking – 6%
- Improper disposal -5%
- Unknown -3%
- Other -1%
Breaches that involved the loss of healthcare data affected the most individuals – 6.1 million. Theft affected 2.4 million, unknown cause affected 1.9 million, and loss affected 1.2 million. Unauthorized access, hacking, improper disposal and other combined affected about 464,000 individuals.
The association between laptop computers and healthcare data breaches seems obvious, but access to other portable electronic devices such as thumb drives, backup tapes, CDs, DVDs, and X-Ray films accounted for 28% of the breaches and affected 8.2 million people.
Paper and laptops account for 27% and 22% of the beaches, respectively, but combined accounted for only 5% of the individuals affected by breaches. The study says this is a result of organizations taking steps to remove or encrypt protected health information.