Skyrocketing Breaches?
One often hears that the rate of breaches in the healthcare industry is skyrocketing. Indeed, well over 30 million patient records have been breached in the United States alone since mandatory reporting was instituted in 2009. But the wild-eyed claims of soaring breach rates are not borne out by the data. Breach occurrence has been quite stable over the past five years, when measured in an actuarial context, and can be reasonably projected for future years.
Our research shows a strong correlation between breach rate and the number of employees working in an organization such as a healthcare provider. (This is true in other industries as well.) We used the U.S. Department of Health and Human Services database of PHI breaches reported under the 2009 HITECH Act [5] and broke down the breach occurrence rate for each year by state. Plotting these rates against the healthcare employment data by state, as in Figure B.2, shows a linear relationship.