Blog
HIPAA
Stay Off the HHS Naughty List

Stay Off the HHS Naughty List

Brand degradation and patient exodus will likely occur every time an organization shames their name through a data breach.

Tod Ferran
Updated
December 16, 2022
Posted
May 14, 2014
HIPAA
Stay Off the HHS Naughty List

HHS Wall of Shame exposes the not so careful…

With an average of 1.5 million unique visitors per month on hhs.gov (complete.com), the Wall of Shame is an extremely public record of healthcare organizations with PHI breaches of 500 records or more. The interesting thing about the Wall of Shame is that it’s actually a requirement of HITECH [section 13402(e)(4)] that The Department of Health and Human Services (HHS) Secretary enables public awareness of patient data breaches.

Don’t want to end up on the Wall? Get more info on HIPAA compliance plans, vulnerability scans, and HIPAA Privacy and Security policies.

According to Cintas, two-thirds of US adults would not return to a business (or healthcare organization) if their personal information were stolen. I can say with confidence that brand degradation and patient exodus will likely occur every time an organization shames their name through a data breach. How do I know this? As a well-informed patient, I always check The Wall before giving my business (and information!) to a new dentist or doctor.

What do the stats tell us?

By analyzing the Wall of Shame, I can tell you that as of May 2014:

  • The total number of breaches reported to the HHS exceeds 990
  • 238 organizations were reported on the WoS as breached in 2013 (that’s 4.5 breaches a week!)
  • 7.7 million records were compromised in 2013
  • In the history of the Wall of Shame, 72 breaches occurred because of hacking
  • The three largest breaches ever reported were 4,901,432 (TRICARE), 4,029,530 (Advocate Health and Hospitals Corporation) and 1,900,000 (Health Net, Inc.)
  • 7 health care organizations reported security breaches that involved one million or more records
  • In the history of the Wall of Shame, the total number of individuals affected is over 31 million.
  • Business associates are involved in 27% of reported breaches
  • Who knows how many records unreported breaches (under 500 individuals affected) would add to this list…

"It'll never happen to me"

If you are a healthcare organization, I hope this post has inspired you to reconsider the common false assumptions of medical practices nationwide. “It’ll never happen to me.” “My legal guy takes care of HIPAA.” Those thoughts are what get organizations breached and sent into the corner wearing a dunce cap.
Was this post interesting? Then share it!

Join Thousands of Security Professionals.

Subscribe Now

Get the Guide to HIPAA Compliance

Download

Get a Quote for HIPAA Compliance

Request a Quote
Stay up to date
Subscribe to our blog.
Subscribe Now
Data Security
Vulnerability ScanningPenetration TestingSecurity TrainingPANscan®SecurityMetrics VisionSecurityMetrics MobileCIS Controls AssessmentConsultingResellerForensic/Incident ResponseData and Network SecurityData Security AcademyWebpage Integrity Monitoring (WIM)Shopping Cart Inspect (PCI Req. 11.6.1)Shopping Cart Monitor (PCI Req. 11.6.1)SecurityMetrics Pulse
Compliance
GDPR CompliancePCI CompliancePCI DSS AuditPCI Level 4 ProgramPA-DSS/SSF AuditP2PE AuditPIN Security AssessmentPCI PoliciesPCI TrainingHIPAA ComplianceHIPAA PoliciesHIPAA TrainingHealth Network ProgramHITRUST
Company Info
About UsBlogGlossaryMedia RelationsCareersTerms of UsePrivacyAbuseDo Not Sell My Information
Contact
Contact UsReport a Vulnerability
SecurityMetrics podcast logoLinkedIn logoFacebook logo
© 2025 SecurityMetrics, Inc. All rights reserved.
Privacy PolicyTerms and Conditions
Your IP Address is:
YouTube logoSecurityMetrics podcast logoLinkedIn logoFacebook logo
Subscribe to our blog
Subscribe Now
© 2025 SecurityMetrics, Inc. All rights reserved.
Privacy Policy
|
Terms and Conditions
|
Your IP Address is:
000.000.000.000