
Big “A” Data Leads to Big “B” Breaches

By Jack Santos | January 16, 2012 | 0 Comments

This post isn’t about Big Data (a currently trendy term), but it is about data and breaches – and their implications. We are fortunate that current health care laws require that the federal government be notified of breaches of personal health care information (PHI) – and that data is downloadable at a publicly accessible website. Recent months have seen an increase in breaches.

So, I thought, what if we used standard trending analysis to determine what the worst case growth scenarios for breaches were?

So I ended up with three scenarios – and my basic question was “When would 100% of current US population be exposed by a breached health record?”

Scenario One: Exponential growth.

[Image: exponential growth projection]

I can’t make an argument that we would expect anything near exponential growth in breaches; but as compliance reporting increases, the family-relations effects magnify, and bad guys get PHI on their radar, it is not outside the realm of possibility. This graph shows that growth, based on the 2-year history to date. Expected date when 100% of the current US population has its PHI in the wild? June 1, 2013.

Scenario Two: Straight line growth

[Image: straight-line growth projection, full 2-year history]

More realistic, this straight-line growth reflects the full 2 years of history. 100% breach would be May 1, 2047, but 50% of the US population would be living with exposed records by June 1, 2025.

Scenario Three: Straight line growth based on the last 4 months of data

[Image: straight-line growth projection, last 4 months of data]

The argument can be made that the breach trend has increased significantly over the past 4 months – and that the prior 18 months reflected a startup phase (for both reporting and bad actors). Using 4 months’ worth of data as a basis, the date at which 100% of the US population is dealing with breached health care data is April 1, 2024.
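To make the three scenarios reproducible, here is an added worked example (not the author's spreadsheet, and not the HHS breach data) that fits an exponential trend, a straight line over the full history, and a straight line over the last 4 months to a cumulative series of affected individuals, then solves each model for the month at which the count reaches a chosen fraction of the 307 million population the post assumes. The 24 monthly totals are constructed for illustration; the fraction parameter generalizes the post's 100% and 50% questions to any threshold.

```python
"""Trend projection of cumulative breached PHI records (added example).

Assumptions: a static US population of 307 million (as in the post) and a
constructed, not real, 24-month cumulative series starting January 2010.
"""
import math
from datetime import date

US_POPULATION = 307_000_000  # static population figure used in the post

# Constructed cumulative count of individuals affected, one value per month
# from January 2010 onward. Illustrative only; not HHS breach-portal data.
CUMULATIVE = [
    200_000, 450_000, 700_000, 1_000_000, 1_300_000, 1_650_000,
    2_000_000, 2_400_000, 2_800_000, 3_250_000, 3_700_000, 4_200_000,
    4_700_000, 5_250_000, 5_800_000, 6_400_000, 7_000_000, 7_650_000,
    8_300_000, 9_000_000, 10_200_000, 11_600_000, 13_200_000, 15_000_000,
]
START = date(2010, 1, 1)  # month index 0 of the constructed series


def linear_fit(xs, ys):
    """Ordinary least-squares line y = a + b*x; returns (a, b)."""
    n = len(xs)
    mx = sum(xs) / n
    my = sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    b = sxy / sxx
    return my - b * mx, b


def exponential_fit(xs, ys):
    """Fit y = A * exp(k*x) by least squares on log(y); returns (A, k)."""
    ln_a, k = linear_fit(xs, [math.log(y) for y in ys])
    return math.exp(ln_a), k


def months_to_threshold(model, params, threshold):
    """Solve model(x) = threshold for x in months since START.

    Returns None when the fitted trend never reaches the threshold
    (non-positive slope or growth rate), so callers do not divide by zero.
    """
    if model == "linear":
        a, b = params
        return None if b <= 0 else (threshold - a) / b
    if model == "exponential":
        big_a, k = params
        return None if k <= 0 else math.log(threshold / big_a) / k
    raise ValueError(f"unknown model {model!r}")


def month_offset_to_date(offset):
    """First day of the first whole month at or past a fractional offset."""
    whole = math.ceil(offset)
    year = START.year + (START.month - 1 + whole) // 12
    month = (START.month - 1 + whole) % 12 + 1
    return date(year, month, 1)


def project(fraction, scenario):
    """Date at which the fitted trend reaches fraction * US_POPULATION.

    scenario is one of "exponential", "linear_full" (straight line over the
    whole history) or "linear_recent" (straight line over the last 4 months).
    """
    xs = list(range(len(CUMULATIVE)))
    if scenario == "exponential":
        model, params = "exponential", exponential_fit(xs, CUMULATIVE)
    elif scenario == "linear_full":
        model, params = "linear", linear_fit(xs, CUMULATIVE)
    elif scenario == "linear_recent":
        model, params = "linear", linear_fit(xs[-4:], CUMULATIVE[-4:])
    else:
        raise ValueError(f"unknown scenario {scenario!r}")
    offset = months_to_threshold(model, params, fraction * US_POPULATION)
    return None if offset is None else month_offset_to_date(offset)


if __name__ == "__main__":
    for name in ("exponential", "linear_full", "linear_recent"):
        print(f"{name:14s} 100%: {project(1.0, name)}  50%: {project(0.5, name)}")
```

Because the three models share one input series, the spread between their crossing dates shows how much the answer depends on which window and which curve you choose, which is the point the post makes: the same two years of data support forecasts decades apart.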

What can safely be said is that we don’t know of any initiative that will properly safeguard health records – in fact, it’s almost impossible to completely and with certainty safeguard your PHI. This is true even with GRC efforts (as described in one of our recent Gartner reports by Trent Henry: “IT Governance, Risk, and Compliance Management Solutions”).

Maybe this plays into my colleague’s (Bob Blakley’s) Maverick research about the death of authentication. Or maybe this is just another indicator of lies, damned lies, and statistics.

Admittedly, this isn’t scientific, nor peer reviewed by any means. It assumes a static population of 307 million.

But it is troubling. Should the political concern about Medicare bankruptcy shift to health data insolvency?
