Healthcare IT security: infographic stats point to big privacy holes

This year I have been rounding up statistics about healthcare IT security and recently some of them were transformed into a very informative infographic by a few of my more creative ESET colleagues. Taken together with the current expansion of America’s privacy and security regulations, these numbers point to a lot of privacy holes and clearly indicate “There’s a lot of security work to be done.”
Note that the source of the average number of PHI records breached per day (17,000) is a combination of the database published by the Department of Health and Human Services (breaches affecting 500 or more individuals) and statements in the Congressional Record (Federal Register, Vol. 78, No. 17 January 25, 2013, Page 5671), relating to breaches affecting under 500 persons. While there is no indication that all, or even most, of the individuals whose PHI was exposed in these breaches suffered any harm, the number still strikes me as extremely disappointing, particularly since a. it has not improved over time, and b. it is lower than the HHS estimate for the next 12 months (18,383).

Also note that I recently recorded a webcast on the new HIPAA that you can watch. If you would like a copy of the slides that I used in the webcast please email a request to stephen [dot] cobb [at] eset [dot] com. Also check out ESET Solutions for Healthcare for more helpful resources.

Author Stephen Cobb, ESET

  • Andrew

    And those figures, of course, are just what is actually reported to HHS. Breaches greater than 500 require reporting to HHS, yes, and also to patients. This is a “do not do unless absolutely necessary / it’s about to come out, so save some face” scenario for many practices. Many things that constitute a breach, like a terminated employee still logging on or having cached records on their BYOD, will be swept under the carpet if there is even adequate auditing to show such (I used to be in SMB healthcare IT infosec).
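
    One auditing check of the kind Andrew describes, added here as an example (this is not code from the original post, from ESET, or from the commenter): correlate an HR offboarding list with authentication logs and flag every event by an account after its termination time, successful or not, since a failed attempt on a closed account is worth a look too. The usernames, timestamps, addresses and log line format are all constructed for the example.

    ```python
    """Flag authentication events by accounts that should already be disabled.

    Added example with constructed data; the log format (timestamp, user,
    result, source address) is an assumption, not any product's real format.
    """
    from datetime import datetime, timezone

    # Constructed HR offboarding list: username -> termination time (UTC).
    TERMINATED = {
        "jdoe": "2013-01-10T17:00:00Z",
        "mlee": "2013-01-20T12:00:00Z",
    }

    # Constructed authentication log, one event per line.
    AUTH_LOG = """\
    2013-01-10T08:15:02Z jdoe SUCCESS 10.0.5.21
    2013-01-11T09:02:44Z jdoe SUCCESS 10.0.5.21
    2013-01-12T22:10:00Z asmith SUCCESS 10.0.7.3
    2013-01-21T03:45:19Z mlee FAILURE 203.0.113.9
    2013-01-21T03:46:02Z mlee SUCCESS 203.0.113.9
    """


    def parse_ts(value):
        """Parse an ISO-8601 UTC timestamp with a trailing Z into an aware datetime."""
        return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


    def find_post_termination_logins(log_text, terminated):
        """Return every auth event by a terminated account after its termination time.

        Each finding records the user, event time, outcome, source address and the
        termination time it was compared against, so a reviewer can verify it.
        """
        cutoffs = {user: parse_ts(ts) for user, ts in terminated.items()}
        findings = []
        for line in log_text.splitlines():
            if not line.strip():
                continue
            ts, user, result, source = line.split()
            cutoff = cutoffs.get(user)
            if cutoff is None:
                continue  # account still active according to HR
            if parse_ts(ts) > cutoff:
                findings.append({
                    "user": user,
                    "time": ts,
                    "result": result,
                    "source": source,
                    "terminated": terminated[user],
                })
        return findings


    def summarize(findings):
        """Count flagged events per account, the figure an audit report would lead with."""
        counts = {}
        for f in findings:
            counts[f["user"]] = counts.get(f["user"], 0) + 1
        return counts


    if __name__ == "__main__":
        hits = find_post_termination_logins(AUTH_LOG, TERMINATED)
        for hit in hits:
            print(f"{hit['time']} {hit['user']} {hit['result']} from {hit['source']} "
                  f"(terminated {hit['terminated']})")
        print("per-account totals:", summarize(hits))
    ```

    On the constructed data the check flags one login by jdoe the day after termination and two events by mlee (a failure followed by a success from the same address); the event that predates jdoe's termination is correctly left alone. In practice the offboarding list comes from the HR system of record and the log from the directory or VPN, and the important part is that the comparison is run routinely rather than only after an incident.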

  • Response Data Comms

    Shocking statistics!! We’re so keen to advise our customers about data security and the measures they need to take to secure their data and their networks. Apparently, on average only 5% of a company’s IT budget is committed to security… but it goes to show how people refuse to believe that data breaches of this nature could happen to them. “$200 per record”, is that what it works out to be, the figure you can put on a data breach?! Companies need to get smart and realise just how valuable their data is.
    Business cannot afford to ignore this any longer. Maybe it all comes down to education, and if any companies out there do need help or advice, feel free to get in touch on There’s also a range of free help guides on our website.
    Thanks again for your post Stephen. Very powerful stats.

    • Stephen Cobb

      Appreciate the comment. To clarify, the per-record cost number I know best, from the Ponemon Institute, is $198 in Germany, $188 in the US, and $136 global average. The UK number is $132 per record.

Copyright © 2017 ESET, All Rights Reserved.