Data Breach Update

The US Dept. Of Health and Human Services and the Office of Civil Rights maintain a public web page with all of the reported HIPAA data breaches of 500 or more records.  The web page, commonly called the “Wall of Shame” can be found at the link below.

Source: U.S. Department of Health & Human Services – Office for Civil Rights

The wall of shame lists six types of data breachs which occur at the following rate.

  • Theft 41%
  • Unauthorized Disclosure 26%
  • Hacking 16%
  • Loss 8%
  • Unknown 5%
  • Improper disposal 3%

This has changed slightly since I first looked at it a few years ago.  Hacking which includes ransomware has doubled, however it is still only 16%. The big take away is that theft and loss combined represent half of the reported breaches. That is theft and loss of the hardware not the data. In other words if a thief breaks into your car and steals a laptop that is reported as a data breach due to theft.

Two things you can due to protect yourself:

Make your machines hard to steal. Lock them up in a server closet, bolt them to the floor or tie them down with one of those computer locks.

Encrypt all the data on the server and all backups. This is tricky and you will need the help of an experienced IT pro to do it well without drastically slowing down your system.