Gartner Blog Network

Big “A” Data Leads to Big “B” Breaches

by Jack Santos  |  January 16, 2012

This post isn’t about Big Data (a currently trendy term), but it is about data and breaches, and their implications. We are fortunate that current health care laws require that the federal government be notified of breaches of personal health care information (PHI), and that the resulting data is downloadable at a publicly accessible website. Recent months have seen an increase in breaches.

So, I thought, what if we used standard trending analysis to determine what the worst case growth scenarios for breaches were?

So I ended up with three scenarios, and my basic question was “When would 100% of the current US population be exposed by a breached health record?”

Scenario One: Exponential growth.


I can’t make an argument that we would expect anything near exponential growth in breaches; but as compliance reporting increases, the family-relations effects magnify, and bad guys get PHI on their radar, it is not outside the realm of possibility. This graph shows that growth, based on the 2-year history to date. Expected date when 100% of the current US population has its PHI in the wild? June 1, 2013.

Scenario Two: Straight line growth


More realistic, this straight line growth reflects the full 2 years of history. 100% breach would be May 1, 2047, but 50% of the US population would be living with exposed records by June 1, 2025.

Scenario Three: Straight line growth based on the last 4 months of data


The argument can be made that the breach trend has increased significantly over the past 4 months, and that the prior 18 months reflected a startup phase (for both reporting and bad actors). Using 4 months’ worth of data as a basis, the date at which 100% of the US population is dealing with breached health care data is April 1, 2024.
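The three extrapolations above can be reproduced with a small least-squares fit. This is an added example, not the author's analysis: the monthly series is constructed (it is not the HHS breach data) and the function names are hypothetical; only the 307 million population figure comes from the post.

```python
import math

US_POPULATION = 307_000_000  # static population figure stated in the post

# Constructed cumulative count of affected individuals per month (NOT the
# HHS data): 20 months at 0.5M/month, then 4 months at 1.5M/month.
SAMPLE = [500_000 * (i + 1) for i in range(20)] + [
    11_500_000, 13_000_000, 14_500_000, 16_000_000]


def fit_line(xs, ys):
    """Ordinary least squares; returns (slope, intercept)."""
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    slope = sxy / sxx
    return slope, my - slope * mx


def months_until(cumulative, target, model="linear", window=None):
    """Months after the last observation until the fitted trend hits target.

    model  -- "linear" or "exponential" (a line fitted to log(count))
    window -- fit only the last `window` months (scenario three)
    """
    ys = cumulative[-window:] if window else list(cumulative)
    xs = list(range(len(cumulative) - len(ys), len(cumulative)))
    goal = target
    if model == "exponential":
        ys, goal = [math.log(y) for y in ys], math.log(target)
    slope, intercept = fit_line(xs, ys)
    if slope <= 0:
        raise ValueError("trend is flat or falling; target is never reached")
    return (goal - intercept) / slope - xs[-1]


def scenarios(cumulative, population=US_POPULATION):
    """The post's three scenarios, plus the 50% mark for the full-history line."""
    return {
        "exponential": months_until(cumulative, population, "exponential"),
        "linear_full": months_until(cumulative, population),
        "linear_last_4": months_until(cumulative, population, window=4),
        "linear_full_50pct": months_until(cumulative, population / 2),
    }


if __name__ == "__main__":
    for name, months in scenarios(SAMPLE).items():
        print(f"{name:18s} {months:7.1f} months")
```

On the constructed series the same 24 data points give answers that differ by decades depending on the model and fitting window, which is the sensitivity the three scenarios illustrate.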

What can safely be said is that we don’t know of any initiative that will properly safeguard health records; in fact, it’s almost impossible to completely and with certainty safeguard your PHI. This is true even with GRC efforts (as described in one of our recent Gartner reports by Trent Henry: “IT Governance, Risk, and Compliance Management Solutions”).

Maybe this plays into my colleague’s (Bob Blakley’s) Maverick research about the death of authentication.  Or maybe this is just another indicator of lies, damned lies, and statistics.

Admittedly, this isn’t scientific, nor peer reviewed by any means. It reflects a static population at 307 Million.

But it is troubling. Should the political concern about Medicare bankruptcy shift to health data insolvency?


Jack Santos
Research VP
7 years at Gartner
40 years IT industry

Jack Santos is a Research Vice President with Gartner, part of the Enterprise Architecture and Technology Innovation team within the Gartner for IT Leaders product. He focuses on enterprise architecture and technology trends. Mr. Santos' specific area of research covers individual development, leadership and management practices for enterprise architects, EA innovation, and collaboration approaches.


Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.