Since 2009, there have been 1,187 incidents where health information protected by HIPAA was hacked, improperly disclosed, lost or stolen involving more than 41 million individuals, according to reports to the U.S. Department of Health and Human Services. Those cases only include instances where more than 500 records were involved. Matters involving fewer records don’t have to be reported.