TribLIVE

| USWorld

 
Larger text Larger text Smaller text Smaller text | Order Photo Reprints

Health care data breaches hit 30M patients and counting

Email Newsletters

Click here to sign up for one of our email newsletters.

Daily Photo Galleries

'American Coyotes' Series

Traveling by Jeep, boat and foot, Tribune-Review investigative reporter Carl Prine and photojournalist Justin Merriman covered nearly 2,000 miles over two months along the border with Mexico to report on coyotes — the human traffickers who bring illegal immigrants into the United States. Most are Americans working for money and/or drugs. This series reports how their operations have a major impact on life for residents and the environment along the border — and beyond.

By The Washington Post
Tuesday, Aug. 19, 2014, 8:12 p.m.
 

WASHINGTON — The recent theft of 4.5 million medical records by Chinese hackers highlights one undeniable truth about health care data: it's valuable, and bad people want it. In this latest incident, hackers reportedly stole personal data from Community Health Systems patients, including their Social Security numbers, which is an especially coveted piece of information if you want to steal someone's identity. But it appears that patients' medical data and credit card numbers were not stolen in this case.

Thanks to some tougher federal reporting requirements for health-care data breaches in recent years, we have a better sense of when patient information goes missing or might have been inappropriately accessed by someone. Tougher breach notification requirements were tied to a provision in the 2009 stimulus act that included billions of dollars in incentives to encourage electronic health record adoption, in part to allay fears that health care's digital transformation put our health records at greater risk.

The numbers aren't pretty.

Since federal reporting requirements kicked in, the U.S. Department of Health and Human Services' database of major breach reports (those affecting 500 people or more) has tracked 944 incidents affecting personal information from about 30.1 million people. A majority of those records are tied to theft (17.4 million people), followed by data loss (7.2 million people), hacking (3.6 million) and unauthorized access accounts (1.9 million people), according to a Washington Post analysis of HHS data. These numbers don't include the Community Health Systems data breach.

There are also many more incidents of smaller-scale breaches. In 2012, for example, HHS received 21,194 reports of smaller breaches affecting 165,135 people, according to the department's most recent report to Congress. Similar numbers were reported in 2011.

In all, data breaches cost the industry $5.6 billion each year, estimates the Ponemon Institute, a security firm.

Subscribe today! Click here for our subscription offers.

 

 


Show commenting policy

Most-Read Nation

  1. 2 women advance to final phase of Army Ranger training
  2. Obama to mandate steeper emissions cuts from power plants
  3. State Department accuses top Clinton aide of violations
  4. Marines finally ready to roll out controversial fighter jet
  5. Obama’s nuclear deal lobbying sways Democrats
  6. U.S., Hong Kong researchers develop computer model to examine spread of influenza
  7. Pressure mounts for Biden to join 2016 White House race
  8. 4 dead, 65 sickened in Bronx by Legionella
  9. Name of cop withheld in shooting of motorist in South Carolina
  10. Food industry players fighting proposed dietary guidelines drop millions on lobbyists
  11. Midwest farmers pessimistic of fall harvest amid damaging, long-term rain