DataBreaches.Net


Do Healthcare Data Breaches Really Lag Other Industries?

Posted on August 20, 2010 by Dissent

Over on HealthLeaders Media, Dom Nicastro has an article with the optimistic headline, “Healthcare Data Breaches Lag Other Industries.”

Unfortunately, the article is based on the recent Verizon-USSS report. As I’ve previously commented, the results of that study are at odds with other studies that are based more on media reports and other resources. As long as there is a significant self-selection or self-referral factor in Verizon’s database, I do not think we can conclude that health care sector breaches make up just 3% of all breaches. To the contrary, I think that until recently, we have been less likely to find out about health care sector breaches because federal regulations for financial institutions were more stringent on notification of breaches than HIPAA, and state laws that require notification by businesses often exempt HIPAA-covered entities.

Additionally, I think that we are less likely to find out about breaches in the health care sector than in some other sectors because:

1. Health care entities are more concerned about confidentiality and may be less likely to publicly admit to any breach due to reputational harm issues (although new requirements under ARRA mandate such disclosure, which helps explain the recent upsurge in the number of breach reports from this sector), and
2. Health care entities may not invest as much in IT security and, as one result, may not detect breaches as promptly as entities in other sectors who may be required to have regular security audits by certified auditors or who may be more likely to have consumers contact them if they’ve experienced any fraud. I hypothesize that when people experience fraud on their credit or debit cards, they will wrack their brains thinking of what stores they may have used their card at and totally forget that they used the card for health care services. Similarly, I doubt most people who become victims of new account fraud would think about whether an employee of a hospital or health insurer might have stolen or sold their details to others to use for fraudulent purposes.

It would be nice if Verizon was right in suggesting that health care sector breaches are less than 5% of all breaches. I just don’t think that statement is warranted.


Category: Health Data
