Pointer: Lots of health data breaches reported to HHS, only trivial ones to FTC

Steve Gantz comments on the apparent discrepancy in breach reports received by the FTC from PHR vendors and by HHS:

It seems fair to ask, can any substantial conclusions be drawn from the paucity of breaches reported to the FTC or their relative triviality? No one appears to be suggesting that the data protection practices of organizations subject to the FTC’s data breach rule are superior to those of those covered under HHS’ rules, so why so few breaches reported to the FTC? Several possible explanations come to mind, only some of which have anything to do with security or privacy practices

Read his analysis on Security Architecture.

Veradigm's Breach Claims Under Scrutiny After Dark Web Leak
UK: Woman charged after NHS patients' records accessed in data breach
Landmark civil penalty of AU$5.8 million issued under Australia’s Privacy Act
Safaricom-Backed M-TIBA Victim of a Possible Data Breach Affecting Millions of Kenyans
Another plastic surgery practice fell prey to a cyberattack that acquired patient photos and info
Two U.K. teenagers appear in court over Transport of London cyber attack

Related: