The breach at Texas Health Harris Methodist Hospital Fort Worth, being considered the biggest breach of 2013, is said to have affected 277,000 individuals, and the incident at Indiana Family and Social Services Administration is said to have impacted nearly 188,000 individuals. What is noteworthy is that these two breaches that have grabbed the headlines this year are not typical cases involving loss or theft of unencrypted devices, but have been due to improper disposal of medical records and improper disclosure, both involving business associates.

While the Texas incident involved improper disposal of decades-old microfiche containing medical records that were to be destroyed by a contractor, the Indiana incident involved inadvertent disclosure of personal information in mailings because of a computer programming error by a business associate. Once these incidents are added to the tally of breaches, the total number of people affected in 2013 could potentially triple, thwarting the hopes of the healthcare sector that has been feeling a temporary sense of relief.

Both incidents add a new dimension to the security concerns of healthcare entities, and also serve as a reminder to covered entities to be watchful of business associates and contractors and the security measures taken by them to safeguard health information. However, once the HIPAA Omnibus rule enforcement deadline is reached, business associates will also become directly liable for compliance and potential penalties could go up to $1.5 million per violation.

The Latest Numbers

About 22 percent of the 627 breaches added to the HHS Wall of Shame from September 2009 have involved business associates. These breaches have affected nearly 22.2 million individuals. During the last month, only 7 breaches were added to the tally increasing the number of affected individuals by 31,000.

The tally includes 48 breaches in 2013, which affected about 205,000 individuals. This number however, is much lower in comparison to the 150 breaches affecting 1.7 million people in 2012. But one thing that remains the same is that lost/stolen unencrypted devices continue to be the no.1 cause for breaches since 2009.

These statistics not only reinforce the importance of encrypting data but also serve as a reminder to healthcare organizations to spruce up their security initiatives and address the vulnerabilities and risks in their systems. Aegify Security Posture Management and Aegify SecureGRC can efficiently manage information security with built-in best practices and compliance frameworks that can address all the security concerns of healthcare entities in a comprehensive manner and thus effectively prevent data breaches.

The post Two Huge Data Breaches Headed to the Wall of Shame appeared first on Aegify.