Healthcare Data Breaches Cost $6.2 Billion Per Year

May 13 01:00 2016

A full 89% of healthcare organizations and 60% of their business associates have experienced data breaches over the past two years. And 79% of healthcare organizations experienced multiple data breaches (two or more) in that time period—up 20% since 2010.

Overall, breaches in healthcare are costing the industry $6.2 billion per year, according to the Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data, conducted by Ponemon Institute and sponsored by ID Experts. They remain consistently high in terms of volume, frequency, impact and cost.

In fact, breaches have yet to decline since 2010—despite a slight increase in awareness and spending on security technology. More than one-third, or 34%, of healthcare organizations experienced two to five breaches. And nearly half of healthcare organizations, or 45%, had more than five breaches.

While recent large healthcare data breaches have heightened the industry’s awareness of the growing threats to patient data and have led to an improvement in security practices and policy implementation, respondents say that not enough is being done to curtail or minimize the risks.

Criminal attacks are the leading cause of data breaches in the vertical—up 5% to 50% this year. Medical records are the most commonly exposed data, followed by billing and insurance records, and payment details. While the majority of breaches are small (under 500 records) and are not reported to the US Department of Health and Human Services (HHS) and the media, the financial impact is significant.

Hackers aren’t the only issue for the sector. Mistakes (unintentional employee actions, third-party snafus and lost/stolen computer devices) are cited as the root cause of the other half of data breaches.

“In the last six years of conducting this study, it’s clear that efforts to safeguard patient data are not improving. More healthcare organizations are experiencing data breaches now than six years ago,” said Larry Ponemon, chairman and founder, Ponemon Institute. “Negligence—sloppy employee mistakes and unsecured devices—was a noted problem in the first years of this research and it continues. New cyber threats, such as ransomware, are exacerbating the problem.”

Hospitals and clinics also lack the budget, people resources and expertise to manage data breaches caused by employee negligence and evolving cyber threats, including the newest threat cited for 2016: ransomware. Nearly half of healthcare organizations, and more than half of their business associates, have little or no confidence that they can detect all patient data loss or theft. The findings also show that as a result, many healthcare organizations and their third-party business associates are negligent in the handling of sensitive patient information…

Read full story at Infosecurity Magazine