Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more ➡
Download
Standard view
Full view
of .
Add note
Save to My Library
Sync to mobile
Look up keyword or section
Like this
4Activity
×
P. 1
HITRUST Report - U.S. Healthcare Data Breach Trends.pdf

HITRUST Report - U.S. Healthcare Data Breach Trends.pdf

Ratings: (0)|Views: 1,133|Likes:
Published by David Harlow

More info:

Published by: David Harlow on Dec 07, 2012
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See More
See less

12/06/2013

pdf

text

original

 
ThisdocumentistheinformationofHITRUST,LLC.ThisisapublicationofHITRUSTprovidinggeneralnewsaboutdevelopmentsaboutinformationsecurityinhealthcareandshouldnotbeconstruedasprovidinglegaladvice,legalopinionsorconsultativedirection.Permissiontomodify,useorquoteisnotpermittedwithouttheexpressconsentofHITRUST,LLC.Requestscanbesenttonotices@hitrustalliance.net.ForgeneralquestionsregardingthispieceorHITRUST,pleasecontactinfo@hitrustalliance.net.Mediashouldcontactpr@hitrustalliance.net.

 
 ALookBack:U.S.HealthcareDataBreachTrends
 AretrospectiveanalysisofU.S.healthcaredatabreachesaffecting500ormoreindividuals
 Authors: Chris Hourihan and Bryan Cline, Ph.D. for Health Information Trust Alliance (HITRUST)December 2012 

 
2
TableofContents
ExecutivePerspective...................................................................................................................................3StateoftheIndustry.................................................................................................................................3PhysicianPractices...................................................................................................................................4BusinessAssociates..................................................................................................................................5GovernmentInstitutions..........................................................................................................................6PaperRecords..........................................................................................................................................6TheUn-Reported......................................................................................................................................7Recommendations...................................................................................................................................8FindingsandAnalysis.................................................................................................................................10OverviewoftheData.............................................................................................................................10TheNumbersataGlance.......................................................................................................................12HistoryofBreaches................................................................................................................................14BreachesbyOrganizationType..............................................................................................................16BreachesImplicatingBusinessAssociates..............................................................................................18IdentificationandNotificationofBreaches............................................................................................20TypeandSourceofBreaches.................................................................................................................21Type....................................................................................................................................................21Source.................................................................................................................................................22TypeandSource.................................................................................................................................23TypesofBreachesbyOrganizationType............................................................................................26MacroAnalysis.......................................................................................................................................28PhysicalVs.Electronic........................................................................................................................29InsiderVs.OutsiderThreat.................................................................................................................30AccidentalVs.MaliciousIntent..........................................................................................................31MultipleBreaches...............................................................................................................................32Cybercrime.............................................................................................................................................32Hacking...............................................................................................................................................32InConclusion..............................................................................................................................................37Recommendations.................................................................................................................................38HowHITRUSTIsAdapting.......................................................................................................................43
 
3
ExecutivePerspective
IthasbeenmorethanthreeyearssincethebreachnotificationrequirementsoftheHealthInformationTechnologyforEconomicandClinicalHealth(HITECH)Actwentintoeffect.Sincethattime,theindustryhaswitnessedasteadyflowofbreacheswherethenumberaffectedwasover500individuals.Thenumberofbreachestotaled495asofOctober1,2012.Therehasalsobeenanalarminglyhighnumberofbreacheswherethenumberofindividualsaffectedwasunder500individuals,totalingover57,000asofMay2012
i
.Whilethedetailsofthosebreachesaffectinglessthan500individualsarenotpublished,theU.S.DepartmentofHealthandHumanServices(HHS)continuestomakeavailablethedetailsofthoseover500individuals
ii
.ThisdatacoupledwiththeinformationobtainedthroughHITRUSTCSFassessmentsprovidesthefoundationforouranalysis.
StateoftheIndustry
Howhastheindustrybeenfairing?TheindustryhasimprovedslightlysincebreachreportingbecamemandatoryinSeptember2009,butrecentspikesmakeitunclearwhetherimprovementwillcontinue.Atamacrolevel,thenumberofbreachesexperiencedandpostedquicklyreachedapeak,leveledoff,andappearstobeonasteadydecline,asseeninFigure1.Whilethegoodnewsisthatreportablebreachesdonotappeartobebecominganymorepervasive,thebadnewsisthattheindustry’sprogressappearstobeslow.Lookingatsomeofthespecifics,theorganizations,typesofbreaches,andthesourcesofthebreacheddataremainfairlyconsistentyearoveryear,ordemonstrateanincreasefollowinganinitialdecline.
0102030405060Qtr3Qtr4Qtr1Qtr2Qtr3Qtr4Qtr1Qtr2Qtr3Qtr4Qtr1Qtr22009201020112012
     N   u    m     b    e    r    o     f    B    r    e    a    c     h    e    s
DateofBreach
Total4per.Mov.Avg.(Total)
Figure1–TotalNumberofBreachesinHealthcareperQuarter 

Activity (4)

You've already reviewed this. Edit your review.
1 thousand reads
1 hundred reads
David Harlow liked this
David Harlow liked this

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->