The number of people affected by health care data breaches drastically dropped from 2011 to 2012, according to an analysis of the latest report from the U.S. Department of Health and Human Services.

Data breaches impacted 2.5 million people in 2012, a precipitous fall from 2011, when 11 million people were affected, noted Gartner Research Vice President Jack Santos in a blog post on Monday.

"Well I am happy to say that we are off the curve to have 50 percent of the population breached for health care data by 2025," he wrote.

Santos' analysis jibes with a report earlier this year from Redspin, which provides penetration testing, risk management and compliance services to a number of industries, including health care providers.

In its report released in February, Redspin noted that while the number of large breaches in 2012 increased 21.5 percent over 2011, the number of patient records affected by the breaches dropped 77 percent.

Santos cited three possible reasons for the plummeting numbers:

In its report, Redspin maintains that tougher regulations and high-profile settlements contributed significantly to the year-to-year fall in affected clients.

The report said more hospitals have begun to conduct security risk assessments mandated by federal law and regulation, while the federal agency charged with protecting the privacy and security of medical records -- the Office for Civil Rights (OCR) -- began to impress on the industry that the regulators were serious about privacy and security through fines and monetary settlements.

[Also see: Law firms see big money in healthcare breach cases]

"During the same time period, OCR began to wield its enforcement authority, publicly announcing several high profile investigations that resulted in breach resolution agreements," the report said.

Here is the original post:

Health care breach victims plummet