Healthcare Data Breaches Show No Signs of Slowing

The Sixth Annual Benchmark Study on Privacy and Security of Healthcare Data had some unfortunate though predictable results. Many organizations lack the resources and budget to properly fight these breaches despite their increasing frequency.

This study also included business associates (BAs), which are organizations that perform services for an entity that handles protected health information (PHI). This is an important note: the more connected businesses become, the more potential exists for a breach, even if it happens outside the healthcare organization. The Ponemon Institute, which conducted the study, estimates that the average cost per breach is $2.2 million.

A Few Key Findings

  • Thirty-eight percent of healthcare organizations and 26 percent of BAs are aware of medical identity theft cases affecting patients and customers
  • An overwhelming majority of healthcare organizations (69 percent) and business associates (63 percent) believe they are at greater risk than other industries for a data breach
  • The top reasons healthcare organizations give for their vulnerability are a lack of vigilance in ensuring their partners and other third parties protect patient information (51 percent) and not enough skilled IT security practitioners (44 percent)
  • In contrast, business associates say their vulnerabilities are due to employees’ negligence in handling patient information (54 percent) and a lack of technologies to mitigate a data breach (50 percent)
  • Sixty-three percent of respondents agree that policies and procedures are in place to effectively prevent or quickly detect unauthorized patient data access, loss or theft. This is an increase from 58 percent in the 2015 study
  • When healthcare organizations were asked what type of security incident worries them most, by far it is the negligent or careless employee (69 percent of respondents). Forty-five percent of respondents say it is cyber attackers and 30 percent say it is the use of insecure mobile devices
  • Sixty percent of respondents in healthcare organizations and 54 percent of respondents in business associates say their organizations assess vulnerabilities to a data breach. However, it is most often done on an annual basis
  • Eighty-nine percent of healthcare organizations had at least one data breach involving the loss or theft of patient data in the past 24 months. Forty-five percent had more than 5 breaches. Sixty-one percent of business associates had at least one data breach involving the loss or theft of patient data in the past 24 months. In fact, 28 percent say their organization had more than 2 breaches

The results of this annual report are certainly concerning, especially considering our health records are extremely sensitive information. Although the technical issues and requirements are constantly being updated to thwart the latest attacks, the best defense against major issues from a data breach is a strong information governance program.

With the right people, processes and technology, any organization can mitigate the potential legal and financial issues that a data breach can cause.

By Andrew Borgschulte
