Information Security Incidents

--HHS Posts List of Reported Health Data Breaches (February 23, 2010) The US Department of Health and Human Services (HHS) has posted a list of organizations that have suffered breaches of unsecured protected health information affecting 500 or more individuals. The posting of the list is required under the HITECH Act. HHS breach notification rules require that organizations report such breaches to HHS and the media within 60 days. Breaches affecting fewer than 500 people must be reported annually. The list includes 36 separate breaches and affects more than 1 million individuals; the majority of the breaches involved computer theft, unauthorized access and missing or stolen data storage devices.