In U.S. Department of Health and Human Services' annual report to Congress, Secretary Kathleen Sebelius reported that between Jan. 1, 2010, and Dec. 31, 2010, breaches involving 500 or more individuals were less than 1% of the breaches reported, but accounted for more than 99% of the more than 5.4 million individuals who were affected. As part of the Health IT for Economic and Clinical Health Act, the HHS secretary is required to annually report to Congress on the number and nature of data breaches, and actions taken to respond to the breaches. The number is growing because between Sept. 23, 2009, and Dec. 31, 2009, breaches involving 500 or more individuals were less than 1%, but accounted for more than 99% of the more than 2.4 million individuals affected by a breach of protected health information. The largest breaches occurred as a result of a theft, an error, or failure to adequately secure protected health information. The greatest number of incidents resulted from human or technological error and involved the protected health information of just one individual, HHS' report said. The largest breaches in 2010, much like 2009, occurred as a result of a theft, HHS reported.