- There are only 3 entries that are hacking, resulting in a little over 12k patients exposed.
- There are only 7 entries that are ‘unauthorized access’, which I assume means that someone was given access under a liberal access control policy but was caught accessing records they should not have been, such as those of a VIP, though given how few VIPs there are, these would not be reported. So the accesses are more like the Coral Gables couple. These 7 entries resulted in 37k patients exposed.
- Whereas there are 11 entries that seem to indicate human error, resulting in 103k patients exposed. I included in this group the ‘loss’ and ‘other’. Given the other information, this seemed like the right thing to do with these.
- And good-old-fashioned physical theft accounts for 31 entries and 1 million patients exposed.
  - 23 of these look like they could be just theft of some technology to be pawned.
  - Which leaves 8 entries where the theft is of paper, backup tapes, CDs… clearly after the data.
  - 2 of the 31 entries are network servers; the rest are portable devices, laptops, or desktops (which I assume were out in the open).
It is amazing what I can draw from simple data. I could be 100% wrong. I am not a professional statistician, nor do I play one on TV. It is interesting that this is data from before the Meaningful Use, HIE and NHIN push. It will be interesting (I hope not) to see what these statistics look like in 2015.
Update: Nice graphical representation of these breach stats: http://www.symtym.com/2010/06/breach-analysis.html