Statistics on HHS published breaches affecting 500 or more individuals per HITECH requirements, more than 1 million affected individuals
HHS publishing healthcare breaches
From September 2009 through January 2010 there were 36 breaches affecting an estimated 1,073,657 individuals reported to the HHS.
Here are some statistics:
Where were the breaches?
- 28% in California
- 11% in Michigan
- 11% in Texas
- 8% in DC
- 8% in Illinois
- 33% in 10 other states
How many individuals were estimated to be affected?
- 47% in Tennesee (506,400)
- 33% in Florida (349,000)
- 8% in New York (83,000)
- 4% in California (48,283)
- 7% in other states (76,974)
What were the types of breaches?
- Theft was involved with 74% of the breaches making up 90% of the number of individuals affected
- Unauthorized access was involved with 20% of the breaches making up 4% of the individuals
- The other types (Loss, Mailing, Hacking/IT Incident, Misdirected Email, Phishing) were involved with 19% of the breaches making up 9% of the individuals
Where was the information stored?
- Laptops were involved with 22% of the breaches affecting 36% of the individuals
- Desktop computers were involved with 17% of the breaches affecting 3% of the individuals
- Portable electronic devices were involved with 8% of the breaches affecting 3% of the individuals
- Hard drives were involved with 1% of the breaches affecting 47% of the individuals
- Post cards were involved with 1% of the breaches affecting 8% of the individuals
- Other locations were: Mailings, backup tapes, CD’s, Electronic Medical Record systems, Paper Records, Films, Network Servers and Email.
Details:
| Organization: | State | Estimated # of Individuals Affected | Date of Breach | Type of Breach | Location of Breached Information |
| Mid America Kidney Stone Association, LLC | MI | 1,000 | 9/22/2009 | Theft | Network Server |
| University of California, San Francisco | CA | 610 | 9/22/2009 | Phishing Scam | |
| City of Hope National Medical Center | CA | 5,900 | 9/27/2009 | Theft | Laptop |
| Private Practice | CA | 6,145 | 9/27/2009 | Theft, Unauthorized Access | Desktop Computer |
| Private Practice | CA | 5,166 | 9/27/2009 | Theft, Unauthorized Access | Desktop Computer |
| Private Practice | CA | 5,257 | 9/27/2009 | Theft, Unauthorized Access | Desktop Computer |
| Private Practice | CA | 857 | 9/27/2009 | Theft, Unauthorized Access | Desktop Computer |
| Private Practice | CA | 952 | 9/27/2009 | Theft, Unauthorized Access | Desktop Computer |
| Blue Cross Blue Shield of Tennessee | TN | 500,000 | 10/2/2009 | Theft | Hard Drives |
| Blue Cross Blue Shield Association | DC | 15,000 | 10/7/2009 | Unauthorized Access | Mailings |
| Health Services for Children with Special Needs, Inc. | DC | 3,800 | 10/9/2009 | Loss | Laptop |
| Cogent Healthcare of Wisconsin, S.C. | TN | 6,400 | 10/11/2009 | Theft | Laptop |
| Alaska Department of Health and Social Services | AL | 501 | 10/12/2009 | Theft | Portable USB Device |
| Brooke Army Medical Center | TX | 1,000 | 10/16/2009 | Theft | Paper Records |
| The Children’s Hospital of Philadelphia | PA | 943 | 10/20/2009 | Theft | Laptop |
| Public Employee Health Insurance Plan (Kentucky Employees’ Health Plan) | KY | 676 | 10/20/2009 | Misdirected E-mail | |
| Detroit Department of Health and Wellness Promotion | MI | 10,000 | 10/22/2009 | Theft | Portable Electronic Device |
| Blue Cross Blue Shield Association | DC | 3,400 | 10/26/2009 | Unauthorized Access | Mailings |
| Kern Medical Center | CA | 596 | 10/31/2009 | Theft | Paper Records |
| Massachusetts Eye and Ear Infirmary | MA | 1,076 | 11/10/2009 | Theft | Other |
| Universal American, Inc. | NY | 83,000 | 11/12/2009 | Incorrect Mailing | Postcards |
| Concentra | TX | 900 | 11/19/2009 | Theft | Laptop |
| Children’s Medical Center of Dallas | TX | 3,800 | 11/19/2009 | Loss | Portable Electronic Device |
| Advocate Health Care | IL | 812 | 11/24/2009 | Theft | Laptop |
| Detroit Department of Health and Wellness Promotion | MI | 646 | 11/26/2009 | Theft | Laptop, Desktop Computer |
| University of California, San Francisco | CA | 7,300 | 11/30/2009 | Theft | Laptop |
| Kaiser Permanente Medical Care Program | CA | 15,500 | 12/1/2009 | Theft | Portable Electronic Device |
| Private Practice | NC | 2,000 | 12/8/2009 | Hacking/IT Incident | Computer/Network Server/Electronic Medical Record |
| Blue Island Radiology Consultants | IL | 2,562 | 12/9/2009 | Loss | Backup Tapes |
| AvMed, Inc. | FL | 359,000 | 12/10/2009 | Theft | Laptop |
| Private Practice | MA | 1,860 | 12/11/2009 | Theft | Portable Electronic Device/Electronic Medical Record |
| Goodwill Industries of Greater Grand Rapids, Inc. | MI | 10,000 | 12/15/2009 | Theft | Backup Tapes |
| Educators Mutual Insurance Association of Utah | UT | 5,700 | 12/27/2009 | Theft | CDs |
| Ashley and Gray DDS | MS | 9,309 | 1/10/2010 | Theft | Desktop Computer |
| Carle Clinic Association | IL | 1,300 | 1/13/2010 | Theft | Paper Records and Films |
| The Methodist Hospital | TX | 689 | 1/18/2010 | Theft | Computer |
HHS.gov: Breaches Affecting 500 or More Individuals
Why is HHS shielding the names of some organizations? See post here for more info: PHI privacy