DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Redspin Reports on the 'State of Healthcare IT Security'

Posted on February 5, 2014 by Dissent

Press release.

CARPINTERIA, Calif., Feb. 5, 2014 /PRNewswire/ — Redspin, Inc., a leading provider of penetration testing and IT security assessments, today released its annual Breach Report 2013 – Protected Health Information. In the report, Redspin provides in-depth analysis of the complete history of PHI data breaches reported to the Department of Health and Human Services (HHS), identifies current trends, and highlights the specific areas most in need of improvement.

The migration from paper-based files to electronic health records (EHR) is well underway. According to industry sources, the number of hospitals that have adopted EHR systems has tripled in the past 3 years. Nearly all health providers have registered for the Federal government’s “Meaningful Use” program – established per the 2009 HITECH Act – which provides monetary incentives based on the adoption, implementation rate, and security of electronic health records.

Yet Redspin reports that nearly 30 million Americans have had their personal health information breached or inadvertently disclosed since 2009. In 2013 alone, 199 incidents of breaches of PHI were reported to HHS impacting over 7 million patient records, a 138% increase over 2012.

“I think the 138% increase in patient records breached caught a lot of people by surprise,” said Daniel W. Berger, Redspin’s President and CEO. “There was a sense that the government’s ‘carrot and stick’ approach – requiring HIPAA security assessments to qualify for meaningful use incentives and increasing OCR enforcement initiatives – was driving real progress.”

“IT security is a complex task,” continues Berger. “Many HIPAA security risk assessments only graze the surface. It is essential that your scope be both broad and deep. The goal is not simply to complete a compliance checklist; it is about safeguarding PHI. That takes organization commitment and investment. Vigilance must be institutionalized.”

In 2013, a single incident – the theft of four desktop computers from an office at Advocate Medical Group – may have exposed over 4 million records alone. The second and third largest breaches were also caused by theft. In each case, unencrypted laptops containing hundreds of thousands of records were stolen. For the past 3 years, Redspin has cited the lack of encryption on portable devices as one of the highest risks to PHI. “It’s only going to get worse given the surge in the use of personally-owned mobile devices at work,” adds Berger. “We understand it can be painful to implement and enforce encryption but it’s less painful than a large breach costing millions of dollars.”

A copy of the full Redspin report can be downloaded here:http://www.redspin.com/resources/whitepapers-datasheets/Request-2013-Breach-Report-Protected-Health-Information-PHI-Redspin.php

For more information visit www.redspin.com

SOURCE Redspin, Inc.

No related posts.

Category: Uncategorized

Post navigation

← CT: State to offer credit guard for 1099 error
White Lodging releases additional information about data breach investigation (updated) →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.