30 Million Americans Affected by Medical Data Breaches Since 2009


According to Redspin's Breach Report 2013 - Protected Health Information, the protected health information (PHI) of almost 30 million Americans has been breached or inadvertently disclosed since 2009.

In 2013 alone, according to the report, 199 PHI data breaches were reported to the U.S. Department of Health and Human Services, impacting more than 7 million patient records -- that's a 138 percent increase over 2012.

"I think the 138 percent increase in patient records breached caught a lot of people by surprise," Redspin president and CEO Daniel W. Berger said in a statement. "There was a sense that the government's 'carrot and stick' approach – requiring HIPAA security assessments to qualify for meaningful use incentives and increasing OCR enforcement initiatives – was driving real progress."

A single breach in 2013, the theft of four computers from Advocate Medical Group, may have exposed more than 4 million such records -- in 2013, 83 percent of all stolen medical records were exposed as a result of device theft. According to Redspin, the lack of encryption on portable devices presents one of the greatest risks to PHI.

"It's only going to get worse given the surge in the use of personally-owned mobile devices at work," Berger said. "We understand it can be painful to implement and enforce encryption but it's less painful than a large breach costing millions of dollars."