Much has been made about the web-site link of the folks that have reported breaches. Althought difficult to know, the bigger question maybe how many organizations had similar breaches but did not report. The folks that reported are complying with the law by reporting. It will be interesting to see what happens when PHI from an unreported breach is traced back to an organization. My guess, is that will send shock waves to those who do not have a good process for identifying, mitigating and reporting breaches.