Release of recent figures from the Ponemon Institute indicates that the risk of data breaches for healthcare organizations and business associates is greater than had been reported in previous years. In fact, their research revealed that data breaches have occurred in 90 percent of the healthcare organizations participating in their study. We explore the results in this blog post and infographic.
Covered Entities Hit Harder than Business Associates
Interestingly, while 40 percent of the healthcare organizations experienced 5 or more breaches in a 24-month period, only 15 percent of business associates experienced that many in the same period.
Medical and Financial Information at Risk
Most often, the information lost or stolen was medical records, followed closely by billing and insurance information. Losses of payment details amounted to half the number of losses of medical record and insurance information.
Insufficient Protection of ePHI
With the increasing number of health records being transmitted between healthcare organizations and their business associates, it’s no surprise that the majority of records breached have involved electronic PHI. And yet, from the research results it appears that less than half of the organizations participating in the study believe they have technology adequate to detect patient data loss or theft.
Employee Laptops, Tablets, Smartphones Vulnerable
Those same organizations also worry about employee negligence resulting in a breach of patient data, such as through the loss of electronic devices or through spear phishing. Lost or stolen electronic devices and unintentional employee action turn out to be the #2 and #3 root causes of data breaches.
It is a well-founded worry, supported by these additional facts:
- 39,000 laptops are lost or go missing every week in the U.S., and
- investigators now suspect that the Anthem breach was the result of an employee clicking on a phishing link.
Insufficient Budgets are a Concern
Most healthcare organizations and business associates recognize the need to have adequate responses in place to deal with data breaches. And although there has been a small increase in investments to protect health information, 56 percent of healthcare organizations and 59 percent of business associates say additional resources are needed to make their efforts more effective.
Act NOW to Protect Your Assets
With criminal interest in profitable health care data increasing and a calculated 125% increase in cyber-attacks over the past five years, it is more critical than ever for health care entities to conduct an initial or follow-up bona fide risk analysis.
Sign up for a personal guided tour of IRM|Pro™ – Clearwater’s Information Risk Management software.
- Identify your most critical risks,
- calculate a return on investment and
- determine and act on an appropriate risk treatment.
It’s time to step up your game to protect your assets and your reputation!
We have assisted more than 400 customers in operationalizing and maturing their information privacy, security, compliance and information risk management programs. And in the process, we are raising the bar for safeguarding PHI, protecting millions of Americans and driving real value for the organizations we support and the healthcare industry at large.