Data Breaches Cost Healthcare Firms $5.6 Billion Annually: Ponemon Institute

Criminal attacks on healthcare systems have doubled since 2010, but data breaches declined in both number and size in 2013, according to a report published by the Ponemon Institute. The Fourth Annual Benchmark Study on Patient Privacy and Data Security was sponsored by ID Experts, and identifies several areas of concern for healthcare organizations.

Data breaches cost healthcare organizations $5.6 billion annually, though the losses are not evenly spread throughout the sector. Ninety percent of respondents have suffered at least one breach over the past two years, but 38 percent suffered more than 5 breaches in the same period.

With the North American healthcare cloud computing market expected to grow to $6.5 billion by 2018, service providers who can assure healthcare organizations of their security and compliance stand to gain revenue and possibly reputation, which could benefit them further as more sectors come to rely on the cloud to transfer sensitive information.

According to the Ponemon study, almost 70 percent of respondents believe the Affordable Care Act has increased the risk to patients, with insecure exchanges, databases, and patient registration websites each blamed by between 63 and 75 percent of respondents.

BYOD is permitted at 88 percent of organizations and, combined with employee negligence, presents a major risk.

“Employee negligence, such as a lost laptop, continues to be at the root of most data breaches in this study. However, the latest trend we are seeing is the uptick in criminal attacks on hospitals, which have increased a staggering 100 percent since the first study four years ago,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “The combination of insider-outsider threats presents a multi-level challenge, and healthcare organizations are lacking the resources to address this reality.”

Third parties are also a source of risk, as only 30 percent of organizations are confident that their business associates are meeting the information security standards of the federal HIPAA Final Rule.

A consulting firm in the UK recently stoked healthcare record security concerns when it uploaded sensitive data to Google servers.

“It’s been a year since the HIPAA Final Rule was issued, and we have seen healthcare organizations make some good progress towards complying with federal privacy and security guidelines and better safeguarding patient information. However, because the threats and risks are shifting, organizations are in a constant state of catch up,” said Rick Kam, CIPP/US, president and co-founder of ID Experts.