Data security breaches occur in every industry, but those in healthcare were particularly significant in 2011. Three of the six worst security breaches in the U.S. were in healthcare this year, according to the Privacy Rights Clearinghouse (PRC), a nonprofit consumer protection organization.
Of the recorded breaches, the third biggest was at Sutter Health in northern California; the fifth largest, at Health Net in southern California; and the sixth most significant, at TRICARE/Science Applications International Corp. (SAIC).
The Sutter Health breach involved the theft of a desktop computer from the Sutter Medical Foundation offices in October. The computer contained the records of more than 4 million patients. At least two lawsuits have been filed against Sutter.
Last January, nine computer drives went missing from Health Net's data center in Rancho Cordova, Calif. The drives contained Social Security numbers and other personal information on nearly 2 million former or current Health Net members. The big health insurer apologized and offered those affected two years of free credit-monitoring services.
In the TRICARE episode, backup tapes of patient data from the military health system were stolen from the car of an employee who was transporting the data, which covered nearly two decades. More than 5 million people were affected, and a class-action lawsuit has been filed against TRICARE and SAIC.
The worst data breach of 2011, according to PRC, was the hacking of Sony's PlayStation, which allowed the intruders to gain access to more than 100 million customer records. No. 2 was a security breach at 75 companies served by email provider Epsilon; that incident involved 50 million to 60 million people. The fourth worst breach occurred at the Texas Comptroller's Office, where data from three state agencies ended up on a public server and stayed there for a year. Up to 3.5 million people may have had their data exposed.
A recent report by the Ponemon Institute found that the number of reported security breaches at healthcare organizations increased by 32 percent in 2011. The report estimated that security failures cost the U.S. healthcare industry about $6.5 billion a year.