Redspin Reports on the "State of Healthcare IT Security"

CARPINTERIA, Calif., Feb. 1, 2012 /PRNewswire/ -- Redspin, Inc., a leading provider of IT security assessments, has released its Breach Report 2011, Protected Health Information. The report examines a total of 385 incidents affecting over 19 million individuals since the HITECH Act's breach notification rule went into effect in August 2009.

"Information security data breach in healthcare has reached epidemic proportions - the problem is widespread and accelerating," said Daniel W. Berger, Redspin's President and CEO. "Incidents have been reported in nearly all 50 states and the total number of records breached increased 97% in 2011 as compared to 2010."

Redspin cites the increasing concentration of PHI on unencrypted portable devices (laptops, media) and the lack of sufficient oversight of PHI disclosed to hospital "business associates" as the main reasons for the increase. Malicious attacks (theft, hacking, and insider incidents) continue to cause 60% of all breaches, driven by the economic value of a personal health record, both when sold on the black market and when used for medical ID theft to commit Medicare fraud.

At the conclusion of the report, Redspin also provides specific recommendations, drawn from its statistical analysis and real-world experience providing HIPAA security risk analysis services to dozens of hospitals and other healthcare organizations. "Information security breach is the Achilles' heel of PHI," continued Berger. "Without further protective measures, data breaches will continue to increase and could derail the implementation, adoption and usage of electronic health records."

A full copy of Redspin's "Breach Report 2011, Protected Health Information" can be found at:


CONTACT: Daniel W. Berger, Redspin, Inc., +1-805-684-6858, [email protected]