News Feature | November 5, 2014

Data Breach Report: 18.5 Million Californians' Personal Data At Risk

Christine Kern

By Christine Kern, contributing writer

UMass Patient Data Breach

Report demonstrates the majority of health data breaches in California were due to stolen hardware.

According to a press release, Attorney General Kamala D. Harris has released the second annual report detailing the 167 data breaches reported to the Attorney General’s office in 2013. The report reveals the 167 breaches placed the personal data of an estimated 18.5 million Californians at risk. As part of the report, the Attorney General also released a number of recommendations on breach prevention and data protection in the future.

“Data breaches pose a serious threat to the privacy, finances and personal security of California consumers,” Harris said in the statement. “The fight against these kind of cybercrimes requires the use of innovative strategies by government and the private sector to protect our state’s consumers and businesses. I strongly encourage more use of encryption to significantly reduce the risk of data breaches.”

The report recommends healthcare providers should use strong encryption to protect medical information on laptops and on other portable devices, and consider encryption for desktop computers.

In 2013, reported data breaches rose over 28 percent, from 131 in 2012, while the number of affected Californians jumped by over 600 percent, from 2.5 million in 2012 to 18.5 million last year. The largest portion of this spike was a result of the massive retailer breaches at Target and LivingSocial, each of which put the personal information of approximately 7.5 million Californians at risk.

Significantly, however, 53 percent of the breaches reported in 2013 were the result of computer intrusions, including malware and hacking attacks. The rest of the breaches were the result of physical loss of theft of devices that contained unencrypted personal information (26 percent); unintentional errors (18 percent); and intentional misuse (4 percent).

As Health IT Outcomes reported, incidents like the recent hack of email at UC Davis serve to underscore the continued important of vigilance when it comes to protecting the integrity of patient data. And they make a solid case for utilizing encrypted data, even in email communications between providers.

Nearly 39 million people have had their PHI compromised in HIPAA privacy and security breaches, involving 500 people or more, according to data from the Department of Health and Human Services. Hacking breaches constitute nearly 10 percent, or 3.7 million people, of all HIPAA privacy and security breaches, according to HHS.

Encryption would help combat the vulnerability of patient/consumer information in the case not only of deliberate hacking, but also in the case of loss or theft of devices containing sensitive data.