Redspin Issues Annual Healthcare Data Breach Report

Expert IT security assessment firm explains why hackers are targeting healthcare; says cost of Anthem breach could exceed $1 billion

Feb 24, 2015, 06:00 ET from Redspin, Inc.

CARPINTERIA, Calif., Feb. 24, 2015 /PRNewswire/ -- Redspin, Inc., a leading provider of penetration testing and healthcare IT security assessment services, today released its 2014 Breach Report: Protected Health Information (PHI). In its 5th annual report, Redspin provides in-depth analysis of the history of large PHI data breaches, highlights year-over-year trends, and identifies operational areas most in need of improvement.

Redspin reports that over 40 million Americans suffered a breach of their personal health information from 2009 through the end of 2014. The company notes that this does not include the 80 million record breach at Anthem, which was made public in January 2015. "From here on, all PHI breach statistics are going to have to be reported as 'pre- or post-Anthem,'" says Daniel W. Berger, President and CEO of Redspin. "It's that big. We wouldn't be surprised to see the costs of the Anthem breach exceed a billion dollars."

In 2014 alone, 164 incidents of breaches of PHI were reported to the HHS Office of Civil Rights (OCR), impacting nearly 9 million patient records. This was a 25% increase over 2013. More than 50% of the 2014 totals were caused by hacking attacks, including a 4.5 million patient record breach at Community Health Systems (CHS) in Franklin, Tennessee. "It was only a matter of time before hackers targeted hospitals," adds Berger. "Health records are very valuable on the black market."

Redspin's report includes recommendations on how healthcare organizations can better protect themselves against hackers and other high breach risks. A copy of the full Redspin report can be downloaded here:


SOURCE Redspin, Inc.