3.2 million Massachusetts residents had personal information lost or stolen

The report found that the financial services industry had the largest number of data breaches over the last four years, with 955 incidents exposing data on over 900,000 state residents. Overall, there were 1,833 data breaches over the four year period covered by the report.

The healthcare industry exposed information on 984,000 residents as a result of 214 breaches, including one breach at South Shore Hospital in which information on 800,000 patients was lost.

The vast majority of data breaches involved the loss of electronic information. Of the reported breaches, 1,336 were for electronic breaches, affecting 3,079,677 people - 97% of all the people affected by a reported data breach.

Of the 365 portable devices reported lost or stolen over the last four years, only 13 were encrypted, despite state regulations requiring portable electronic devices to be encrypted. Of the 75 lost or misplaced portable devices reported, only one was encrypted, compromising 1.2 million pieces of information. Of the 290 stolen portable devices stolen, 12 were encrypted, protecting 4,110 pieces of information. The 277 unencrypted devices exposed 220,000 pieces of information.

“It’s taking businesses and institutions longer than we’d hope to encrypt these devices. That would certainly cut back enormously on the number of breaches where consumers data is more vulnerable. Businesses, institutions, and others need to do a better job protecting the information of individuals. There is still a lot of work to be done’’, Barbara Anthony, the state’s consumer affairs and business regulation undersecretary, was quoted by the Boston Globe as saying.

Just last year, businesses and organizations in Massachusetts reported 454 breaches that affected over a million residents, compared with 471 incidents in 2008 that put at risk data from about 717,053 consumers, the first full year that institutions were required to notify the state, the newspaper noted.

What’s Hot on Infosecurity Magazine?