The OCR reports 54 data breach incidents affecting more than 500 people in first six months of 2014. About half are related to theft, most commonly involving laptops, desktop computers and other portable electronic devices. Compared to 2013, the percentage of breaches related to theft has increased (Redspin 2013 Breach Report). Theft is responsible for the greatest number of people affected due to each incident and overall theft incidents totaling over half a million people since the start of this year. States with largest populations, California, Texas, New York and Florida had the most reported breaches and largest numbersof people affected .
Many of these breach incidents involving theft or loss could have been simply avoided with encryption. In 2013, the estimated the cost of a breach to be approximately $233/breached record, but this does not include any recovery actions, possible legal actions, or extended credit services (Ponemon 2013 Cost of Data Breach Study). Projected cost estimates for 2014 are increased at least 15% compared to last year. Even more surprising than breaches related to theft, loss or unauthorized access/disclosure is the vulnerability of hacking into healthcare related devices. Commonly used items in the healthcare field that may be overlooked during a security risk assessment and have been shown to emit malicious traffic:
- Virtual private network
- Radiology software
- Mail Servers