In the US, healthcare data breaches are treated as violations of HIPAA patient privacy and are reported to HHS’ Office of Civil Rights (OCR). This stunning total of 21 million, covering 2009 to the present, reflects large data breaches (500+ individuals) only, and 54% involved theft, usually a burglar stealing a desktop or laptop. Our last status report on this was back in April, when we revisited the informative Privacy Rights Clearinghouse, which records data breaches across multiple industries. The largest and most recent healthcare breach involving SSNs and DOBs (the most serious type) affected over 102,000 individuals at Memorial Healthcare System in Florida, and it came about not through theft but through a dishonest employee misusing patient information. (iHealthBeat)
And what to do? A comparison of US and UK approaches finds that HHS tends to go after only the largest breaches and assess big financial penalties, while the UK vigorously pursues smaller breaches with frequent and sizable penalties. It is still too early to tell which approach is more effective. Breach Penalties: Comparing U.S., U.K. (Healthcare Info Security)
Want to avoid ending up on HHS’ and PRC’s lists? Data recovery mavens DriveSavers analyze five security vulnerabilities that could mean trouble: theft of hardware and backup records, mobile devices, sending data to third parties via plain FTP, the business associates of those third parties, and the much-hyped cloud. (Healthcare IT News)