Author: Jake Massey / Source: TechCXO – On Demand Executives; CFOs, CMOs, CSOs, COOs, CIOs, CTOs
This article was slated for a later release, but given the news about nearly 200 million American’s PII was made publicly available by a firm working for the RNC, we have decided to release this early.
[More information can be found here: http://gizmodo.com/gop-data-firm-accidentally-leaks-personal-details-of-ne-1796211612]
At the time of writing this article, 1,941 total breaches that have affected more than 500 people in a single incident have been reported to the Department of Health and Human Services since its inception in 2009. Yet there are thousands of organizations that are HIPAA compliant. How does this happen? Here is a little unknown secret. Compliance is not the same as Risk Management. Moving beyond HIPAA is where we find ourselves today: in need of a solution that requires active vigilance to protect your most valuable asset — your data.
Here’s some of the raw data with you that will help frame the rest of our research and solutions:
As you can see, most breaches occur through theft and unauthorized access to protected systems that contain electronic protected health information (ePHI), or electronic heath records (EHR). Your own employees are the largest culprits of this happening, sometimes with non-malicious intent. It is simply because they don’t know any better, or proper risk measurement and employee training has not taken place. A more sobering chart is below.
More than 130,000,000 people have been affected by hacking and/or an IT incident. The total number of Hacking incidents is only 40% of the total number of breaches by Theft, however Hacking represents a 500% increase in the total number of effected individuals. Please keep in mind, this is not the…
Click here to read more
