A full 89% of healthcare organizations and 60% of their business associates have experienced data breaches over the past two years. And 79% of healthcare organizations experienced multiple data breaches (two or more) in that time periodup 20% since 2010.
Overall, breaches in healthcare are costing the industry $6.2 billion per year, according to the Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data, conducted by Ponemon Institute and sponsored by ID Experts. They remain consistently high in terms of volume, frequency, impact and cost.
In fact, breaches have yet to decline since 2010despite a slight increase in awareness and spending on security technology. More than one-third, or 34%, of healthcare organizations experienced two to five breaches. And nearly half of healthcare organizations, or 45%, had more than five breaches. While recent large healthcare data breaches have heightened the industry’s awareness of the growing threats to patient data and have led to an improvement in security practices and policy implementation, respondents say that not enough is being done to curtail or minimize the risks.
Criminal attacks are the leading cause of data breaches in the verticalup 5% to 50% this year. Medical records are the most commonly exposed data, followed by billing and insurance records, and payment details. While the majority of breaches are small (under 500 records) and are not reported to the US Department of Health and Human Services (HHS) and the media, the financial impact is significant.
Hackers arent the only issue for the sector. Mistakes (unintentional employee actions, third-party snafus and lost/stolen computer devices) are cited as the root cause of the other half of data breaches.
“In the last six years of conducting this study, it’s clear that efforts to safeguard patient data are not improving. More healthcare organizations are experiencing data breaches now than six years ago,” said Larry Ponemon, chairman and founder, Ponemon Institute. “Negligencesloppy employee mistakes and unsecured deviceswas a noted problem in the first years of this research and it continues. New cyber threats, such as ransomware, are exacerbating the problem.”
And, hospitals and clinics also lack the budget, people resources and expertise to manage data breaches caused by employee negligence and evolving cyber threats, including the newest threat cited for 2016: ransomware. Nearly half of healthcare organizations, and more than half of their business associates, have little or no confidence that they can detect all patient data loss or theft. The findings also show that as a result, many healthcare organizations and their third-party business associates are negligent in the handling of sensitive patient information…
Comment:*
Nickname*
E-mail*
Website
Save my name, email, and website in this browser for the next time I comment.
