[Skip to Content]
[Skip to Content Landing]
Views 104
Citations 0
Comment & Response
November 2017

The Need for Better Data Breach Statistics—Reply

Author Affiliations
  • 1The Johns Hopkins Carey Business School, Washington, DC
  • 2Eli Broad College of Business, Michigan State University, East Lansing
  • 3Miller College of Business, Ball State University, Muncie, Indiana
JAMA Intern Med. 2017;177(11):1696-1697. doi:10.1001/jamainternmed.2017.4929

In Reply We thank Drs Fabbri et al for their insightful comments. We would like to clarify several points that might help readers interpret our study.

We agree with Drs Fabbri et al that the “500 affected individual threshold” established by the US Department of Health and Human Services (HHS) for public reporting makes it more likely to identify data breaches in large hospitals. We acknowledged this as an important limitation in the letter.1 However, large hospitals possess a significant amount of protected health information (PHI). Combined with teaching hospitals’ needs for broad data access, this creates significant targets for cyber criminals compared with smaller institutions that might be the main reason for their relatively high risks of data breaches.