
Ponemon Report Shows Abysmal State of Data Security in the Healthcare Industry


Several alarming results were found in the 2015 Benchmark Study on Privacy & Security of Healthcare Data published by Ponemon on Thursday. Over 90 percent of healthcare organizations had a data breach and 40 percent had over five incidents in the last two years. Based on the results, the researchers estimate that the industry could be losing as much as $6 billion. This is up from last year’s Ponemon estimate of $5.6 billion.

In five years of issuing this report, this is the first time that cybersecurity problems became the number one cause of data breaches. Although lost devices and employee negligence are still factors, 45 percent of the organizations said that the “root cause of the data breach was a criminal attack.” The share reporting criminal security incidents is even higher: “for instance, web-borne malware attacks caused security incidents for 78 percent of healthcare organizations…” The healthcare industry is the most vulnerable to cyber attacks.

Despite a relatively small sample size, these data reflect what has been happening in the healthcare industry over the last year. Anthem, Premera and Community Health Systems all experienced major breaches during that period, resulting in the exposure of over 100 million patient accounts. What’s even more disturbing is that “[d]espite the changing threat environment…organizations are not changing their behavior—only 40 percent of healthcare organizations and 35 percent of BAs are concerned about cyber attackers,” said the report.

Fortunately, most of the organizations (69 percent) have an incident response process in place, but over half agreed they need more funding to make it effective. Most organizations allocate less than 20 percent of the security budget to incident response.

The report also found that “…[l]ess than half (49 percent) are very confident and confident they have the ability to detect all patient data loss or theft,” indicating a strong need for a change to current procedures to protect patient data.

Hosting providers such as Atlantic.net, Connectria and ViaWest are attempting to help the industry by offering HIPAA-compliant services. It’s not clear, though, whether these services actually increase the security of patient data.

 

Newsletters

Subscribe Now and Get Our Exclusive Report on "The Hosting Infrastructure Ecosystem"

Enter your email to receive messages about offerings by Penton, its brands, affiliates and/or third-party partners, consistent with Penton's Privacy Policy.

Related Forum Threads

Add Your Comments

  • (will not be published)