Redspin Reports on the "State of Healthcare IT Security"

CARPINTERIA, Calif., Feb. 1, 2012 /PRNewswire/ -- Redspin, Inc., a leading provider of IT security assessments, has released its Breach Report 2011, Protected Health Information. The report examines a total of 385 incidents affecting over 19 million individuals since the HITECH Act's breach notification rule went into effect in August 2009.

"Information security data breach in healthcare has reached epidemic proportions - the problem is widespread and accelerating," said Daniel W. Berger, Redspin's President and CEO. "Incidents have been reported in nearly all 50 states and the total number of records breached increased 97% in 2011 as compared to 2010."

Redspin cites the increasing concentration of PHI on unencrypted portable devices (laptops, media) and the lack of sufficient oversight of PHI disclosed to hospital "business associates" as the main reasons for the increase. Malicious attacks (theft, hacking, and insider incidents) continue to cause 60% of all breaches due to the economic value of a personal health record sold on the black market and for medical ID theft used to commit Medicare fraud.

At the conclusion of the report, Redspin also provides specific recommendations, drawn from its statistical analysis and real-world experience providing HIPAA security risk analysis services to dozens of hospitals and other healthcare organizations. Information security breach is the Achilles' heel of PHI," continued Berger. "Without further protective measures, data breaches will continue to increase and could derail the implementation, adoption and usage of electronic health records."

A full copy of Redspin's "Breach Report 2011, Protected Health Information" can be found at:


CONTACT: Daniel W. Berger, Redspin, Inc., +1-805-684-6858, [email protected]

Suggested Articles

An assessment looking at 12 health systems that allow patients to download their health records to their smartphones via APIs finds modest uptake.

The National Institutes of Health-led All of Us precision medicine project has enrolled 230,000 participants with another 40,000 people registered.

Hospitals must pursue a deliberate strategy for managing their public image—and a powerful tool for doing so is inpatient clinical data registries.