This year I have been rounding up statistics about healthcare IT security and recently some of them were transformed into a very informative infographic by a few of my more creative ESET colleagues. Taken together with the current expansion of America's privacy and security regulations, these numbers point to a lot of privacy holes and clearly indicate "There's a lot of security work to be done."

ESET-healthcare-infographic

Note that the source of the average number of PHI records breached per day (17,000) is a combination of the database published by the Department of Health and Human Services (breaches affecting 500 or more individuals) and statements in the Congressional Record (Federal Register, Vol. 78, No. 17 January 25, 2013, Page 5671), relating to breaches affecting under 500 persons. While there is no indication that all, or even most, of the individuals whose PHI was exposed in these breaches suffered any harm, the number still strikes me as extremely disappointing, particularly since a. it has not improved over time, and b. it is lower than the HHS estimate for the next 12 months (18,383).

Also note that I recently recorded a webcast on the new HIPAA that you can watch. If you would like a copy of the slides that I used in the webcast please email a request to stephen [dot] cobb [at] eset [dot] com. Also check out ESET Solutions for Healthcare for more helpful resources.