Redspin breaks down and analyzes the 2012 HHS breach data, here. Some of their statistics:
21.5% increase in # of large breaches in 2012 over 2011 but… a 77% decrease in # of patient records impacted
Comment: the pattern of increased number of breaches but decreased number of records impacted is consistent with what we found overall in 2012 in Data Breach QuickView: An Executive’s Guide to Data Breach Trends in 2012
67% of all breaches have been the result of theft or loss
Comment: this appears significantly different than the QuickView report, which found that hacking accounted for over 68% of all breaches, ignoring sector. Some of the discrepancy may be due to hackers not attempting to target the healthcare sector as much as they do the retail/business sector, but some may also be due to the fact that when reporting incidents to HHS, some covered entities may report hacks as “theft” from a network server.
Also different: while business associates accounted for 57% of exposed records in the HHS breach tool, the QuickView report found that business associate/third party breaches (only accounted for 6.2% of the exposed records.
And there’s more, of course. Redspin is only analyzing HHS reports based on HHS’s breach tool whereas QuickView has a broader sample and is global. But the Redspin data reminds covered entities that the security employed by business associates is critically important in protecting patient data.