August 4, 2016

Healthcare Data Breaches Show No Signs of Slowing


The Sixth Annual Benchmark Study on Privacy and Security of Healthcare Data had some unfortunate though predictable results. Many organizations lack the resources and budget to properly fight these breaches despite their increasing frequency.

This study also included business associates (BAs), which are organizations that handle protected health information (PHI) in performing services for an entity. This is an important note: the more connected businesses become, the greater the potential for a breach, even one that happens outside the healthcare organization. The Ponemon Institute, which conducted the study, estimates that the average cost per breach is $2.2 million.

A Few Key Findings

  • Thirty-eight percent of healthcare organizations and 26 percent of BAs are aware of medical identity theft cases affecting patients and customers
  • An overwhelming majority of healthcare organizations (69 percent) and business associates (63 percent) believe they are at greater risk than other industries for a data breach
  • The top reasons healthcare organizations give for their vulnerability are a lack of vigilance in ensuring their partners and other third parties protect patient information (51 percent) and not enough skilled IT security practitioners (44 percent)
  • In contrast, business associates say their vulnerabilities are due to employees’ negligence in handling patient information (54 percent) and a lack of technologies to mitigate a data breach (50 percent)
  • Sixty-three percent of respondents agree that policies and procedures are in place to effectively prevent or quickly detect unauthorized patient data access, loss or theft. This is an increase from 58 percent in the 2015 study
  • When healthcare organizations were asked what type of security incident worries them most, by far it is the negligent or careless employee (69 percent of respondents). Forty-five percent of respondents say it is cyber attackers and 30 percent say it is the use of insecure mobile devices
  • Sixty percent of respondents in healthcare organizations and 54 percent of respondents in business associates say their organizations assess vulnerabilities to a data breach. However, it is most often done on an annual basis
  • Eighty-nine percent of healthcare organizations had at least one data breach involving the loss or theft of patient data in the past 24 months. Forty-five percent had more than 5 breaches. Sixty-one percent of business associates had at least one data breach involving the loss or theft of patient data in the past 24 months. In fact, 28 percent say their organization had more than 2 breaches

The results of this annual report are certainly concerning, especially considering our health records are extremely sensitive information. Although the technical issues and requirements are constantly being updated to thwart the latest attacks, the best defense against major issues from a data breach is a strong information governance program.

With the right people, processes and technology, any organization can mitigate the potential legal and financial issues that a data breach can cause.
