Lucas123 writes "Over the past three years, about 21 million patients have had their unencrypted medical records exposed in data security breaches that were big enough to require they be reported to the federal government. Each of the 477 breaches that were reported to the Office for Civil Rights (OCR) involved 500 or more patients, which the government posts on what the industry calls 'The Wall of Shame.' About 55,000 other breach reports involving fewer than 500 records where also reported to the OCR. Among the largest breaches reported was TRICARE Management Activity, the Department of Defense's health care program, which reported 4.9 million records lost when backup tapes went missing. Another five breaches involved 1 million or more records each. Yet, only two of the organizations involved in the breaches have been fined by the federal government."