Consumer group lists top 6 data breaches of 2011

By Stephanie Bouchard
10:40 AM

Of the six most significant data breaches in 2011, three were in the healthcare industry, according to the Privacy Rights Clearinghouse, a nonprofit consumer protection and advocacy organization.

Breaches at Sutter Physicians Services/Sutter Medical Foundation ranked third on the list, Health Net came in fifth and Tricare Management Activity/Science Applications International Corporation came in sixth.

PRC has tracked data breaches since 2005 and publishes a yearly chronology of significant breaches. In a press release announcing its top six picks for the most significant such occurences of 2011, the organization said this year had some of the biggest breaches since it began tracking them. The group tracked 535 breaches involving 30.4 million sensitive records. Of those 535 breaches, 190 of them were in the healthcare system.

A number of reports have been sounding the alarm over data breaches in healthcare.

Earlier this month, a study conducted by the Ponemon Institute found that the frequency of data breaches in healthcare has increased by 32 percent in the last year, at an estimated cost to the industry of $6.5 billion.

[See also: Costly healthcare data breaches jump 32 percent.]

What’s more, the industry isn’t prepared to plug the security holes, said a report issued last fall by PricewaterhouseCooper’s Health Research Institute.

[See also: PwC: Health industry under-prepared to protect privacy.]

“Medical breaches are particularly significant and harmful because of the sensitivity of personal information exposed, in addition to, often, Social Security numbers and dates of birth,” noted PRC in a statement.

The breaches PRC tracked over the last year are actually far fewer than the public realizes said the organization’s director, Beth Givens, in the statement accompanying the release of the group’s top six. "This is a conservative number," said Givens. "We generally learn about breaches that garner media attention. Unfortunately, many do not. And, because many states do not require companies to report data breaches to a central clearinghouse, data breaches occur that we never hear about. Our chronology is only a sampling."

See the next page for PRC's top six most significant data breaches of 2011.

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.