yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.

2008 West
Data Direct
SOA, WOA and Cloud Computing: The New Frontier for Data Services
Red Hat
The Opening of Virtualization
User Environment Management – The Third Layer of the Desktop
Cloud Computing for Business Agility
CMIS: A Multi-Vendor Proposal for a Service-Based Content Management Interoperability Standard
Freedom OSS
Practical SOA” Max Yankelevich
Architecting an Enterprise Service Router (ESR) – A Cost-Effective Way to Scale SOA Across the Enterprise
Return on Assests: Bringing Visibility to your SOA Strategy
Managing Hybrid Endpoint Environments
Game-Changing Technology for Enterprise Clouds and Applications
Click For 2008 West
Event Webcasts

2008 West
Get ‘Rich’ Quick: Rapid Prototyping for RIA with ZERO Server Code
Keynote Systems
Designing for and Managing Performance in the New Frontier of Rich Internet Applications
How Can AJAX Improve Homeland Security?
Beyond Widgets: What a RIA Platform Should Offer
REAs: Rich Enterprise Applications
Click For 2008 Event Webcasts
Today's Top SOA Links

HITRUST’s Analysis of U.S. Breach Data Finds Little Progress and Concern for Un-reported Breaches

According to the Health Information Trust Alliance’s (HITRUST) analysis of U.S. healthcare data breaches from 2009 to the present, the healthcare industry has made little progress in reducing the number of breaches with troubling statistics seen from the same types of organizations, breaches and locations. The retrospective analysis of breaches affecting 500 or more individuals indicates a slight decline in the total number of breaches during the past three years, but overall the industry’s susceptibility to certain types of breaches has been largely unchanged since breach data became available from the U.S. Department of Health and Human Services (HHS) and the new HIPAA and HITECH Act regulations went into effect.

HITRUST periodically analyzes the breach data from HHS and other sources and makes it freely available to the industry to inform organizations of trends and continuing security and privacy risks, and to direct modifications to HITRUST programs and requirements.

“By conducting and publicizing this analysis, we believe that over time we can facilitate a fundamental shift in the healthcare industry toward achieving a state of security and privacy that is on par with other leading industries,” said Daniel Nutkis, chief executive officer, HITRUST. “While the data itself is not terribly surprising, it does serve as a critical reminder of the education and improvement that still needs to occur across the industry, regardless of organization type and size. I believe this is why HITRUST continues to see increasing adoption numbers for the HITRUST Common Security Framework (CSF) and participation in the CSF Assurance Program, especially from organizations that have made the commitment to train their security and privacy professionals so that they have the necessary knowledge and skills.”

A close look at the HHS data reveals that since 2009 the industry has experienced 495 breaches involving 21 million records at an estimated cost of $4 billion. With the annual number of total breaches remaining fairly consistent, hospitals and health systems is one of the few groups that can claim some improvements in protecting health information with the largest decline in reported breaches. This group experienced a decline of 71 percent from 2010 to 2011 in the number of breaches, and for the first two quarters of 2012 has only experienced 14 breaches (compared with a total of 48 for 2011). Health plans have also seen a steady decline in breaches since 2009 and have not had to post since the first quarter of 2012.

“We are seeing healthcare providers adopting the HITRUST CSF at a greater rate than other segments, which could be attributed to escalating pressures faced by this industry segment relating to the protection of health information,” said Nutkis. “This group is also leveraging guidance from the CSF Assurance Program that focuses on the high risks for healthcare such as unencrypted devices in support of their meaningful use attestations.”

In addition, HITRUST believes that Stage 1 meaningful use may have incentivized and/or raised awareness for the need for security, particularly in the most likely areas of laptops, desktops and mobile media. However, the data indicates that physician practices, which should be similarly motivated by meaningful use incentives, have continued to demonstrate a lack of progress. This is especially true of smaller physician practices where those with one-to-100 employees account for over 60 percent of the breaches reported in the segment. The analysis indicates that organizations such as these likely lack the awareness and resources in order to adequately recognize the issues and take actions to preempt future breaches. As the interconnectivity of organizations increases through community health records and health information exchanges, small practices may pose a new and significant risk to larger entities that have begun to get a handle on security and privacy.

HITRUST believes that in order for there to be a significant decline in the total number of breaches, the industry must find a way to reach physician practices and provide them with simple cost-effective solutions to their biggest challenges. A step in the right direction would be to provide these smaller organizations – and the industry as a whole – with education tailored to security in healthcare in conjunction with more automated and sophisticated methods to identify and correct risks. This enables small organizations to more easily acquire the necessary skills supplemented by technology so they too can be successful. The HITRUST report provides recommendations for physician practices needing to proactively address their security initiatives.

Surprisingly, reported hacking and malware infections remain low, accounting for a total of eight percent of the breaches. “Data we receive from other sources strongly indicates that U.S. healthcare organizations of all types are experiencing data loss due to viruses, attacks by cyber criminals, password sharing by clinicians, and the prevalence of vulnerabilities in electronic health record (EHR) technologies that are not communicated,” said Nutkis.

HITRUST recently launched the Cyber Threat Analysis Service (CTAS) in partnership with iSIGHT Partners to identify and analyze cyber threats to the U.S. healthcare industry. The CTAS has published more than a half-dozen reports of healthcare data being exploited in underground message boards by cybercriminals from the U.S., Russia and China that cannot be linked back to the reported breaches from HHS. In addition, the service has found that malware is present on approximately 30 percent of endpoint devices in smaller healthcare organizations.

A November 2012 report from the CTAS highlights this new dynamic in the cause for breaches with the observation that a database containing personally identifiable information (PII) and protected health information (PHI) was advertised for purchase on a prominent cybercrime forum.

HITRUST’s own assessment data suggests many breaches may go unreported or undiscovered. Nutkis continued, “because of the gap between the breach data and other sources, we believe the breaches being reported are not all inclusive. While we do not have a sense of the exact magnitude, given the cyber threats that healthcare and other industries face, we believe it must continue to be taken seriously.”

The HITRUST analysis also identified other areas of concern for the industry:

  • Even in this electronic age, breaches of paper records remain significant among the leading segments (providers, payers, government) with errors in mailing and disposal of records playing a substantial role in some of the highest profile paper-based breaches. Since 2009, paper records comprise 24 percent of healthcare breaches, second only to laptops.
  • Business associates continue to account for a significant number of breaches (21 percent) and are implicated in a majority of the records breached to-date (58 percent). This continues to be a problem across all organization types, with physician practices struggling the most.
  • The average time to notify individuals and HHS following a breach is 68 days, with over 50 percent of organizations failing to notify within the 60 day deadline set by HITECH.

The results of HITRUST’s analysis of breach data are influencing updates to the 2013 version of the HITRUST CSF – available in January 2013 – and modifications to the CSF Assurance Program. The program is being updated to align with Stage 1 and 2 meaningful use requirements, and provide adequate coverage for high risks, including endpoint security, third party assurance, and continued requirements for secure disposal. HITRUST is developing and will be releasing detailed illustrative procedures alongside the 2013 updates to provide standardized, industry-approved audit and assessment guidance to HITRUST CSF Assessors, covered entities and business associates.

The HITRUST report – “A Look Back: U.S. Healthcare Data Breach Trends” – is publically available for download at along with an infographic of the analysis. The report includes in-depth analysis of the breach data and provides recommendations for addressing issues relating to security for endpoint devices, mobile media, paper records, business associates and physician practices.


The Health Information Trust Alliance (HITRUST) was born out of the belief that information security should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST, in collaboration with healthcare, business, technology and information security leaders, has established the Common Security Framework (CSF), a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information. Beyond the establishment of the CSF, HITRUST is also driving the adoption of and widespread confidence in the framework and sound risk management practices through awareness, education, advocacy and other outreach activities. For more information, visit

All product and company names herein may be trademarks of their respective owners.

About Business Wire
Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Web 2.0 Latest News
The developments in Google’s Cloud Computing segment, especially the Cloud Machine Learning service, have been so rapid that Google calls it one of its fastest growing product areas. Google has been ramping up their Cloud Platform quite aggressively in recent months. Just a few weeks a...
Hiring a digital marketer starts as soon as you plan to launch a prototype of your innovative idea. But, without knowing anything about digital marketing, you may not be able to reach out to investors and target audiences. You can follow the following basic points to know the significa...
When we talk about the impact of BYOD and BYOA and the Internet of Things, we often focus on the impact on data center architectures. That's because there will be an increasing need for authentication, for access control, for security, for application delivery as the number of potentia...
While walking around the office I happened upon a relatively new employee dragging emails from his inbox into folders. I asked why and was told, “I’m just answering emails and getting stuff off my desk.” An empty inbox may be emotionally satisfying to look at, but in practice, you shou...
An update to the Web Content Accessibility Guidelines (WCAG) is coming. Did I lose you already? If you're not familiar with WCAG, it's a collection of guidelines that developers, designers and accessibility experts use to help ensure the apps and websites they create are accessible to ...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)!

Advertise on this site! Contact advertising(at)! 201 802-3021

SYS-CON Featured Whitepapers