Recent figures from the Ponemon Institute indicate that the risk of data breaches for healthcare organizations and business associates is greater than had been reported in previous years. In fact, the research revealed that data breaches have occurred in 90 percent of the healthcare organizations participating in the study. We explore the results in this blog post and infographic.


Covered Entities Hit Harder than Business Associates

Interestingly, while 40 percent of the healthcare organizations experienced 5 or more breaches in a 24-month period, only 15 percent of business associates experienced that many in the same period.

Medical and Financial Information at Risk

The type of information most often lost or stolen was medical records, followed closely by billing and insurance information. Losses of payment details numbered half as many as losses of medical records and insurance information.

Insufficient Protection of ePHI

With the increasing number of health records being transmitted between healthcare organizations and their business associates, it’s no surprise that the majority of records breached have involved electronic PHI. And yet, the research results suggest that fewer than half of the organizations participating in the study believe they have adequate technology to detect patient data loss or theft.

Employee Laptops, Tablets, Smartphones Vulnerable

Those same organizations also worry about employee negligence resulting in a breach of patient data, such as through the loss of electronic devices or through spear phishing. Lost or stolen electronic devices and unintentional employee action turn out to be the #2 and #3 root causes of data breaches.

This worry is well founded and is supported by these additional facts:

  1. 39,000 laptops are lost or go missing every week in the U.S. and
  2. investigators now suspect that the Anthem breach was the result of an employee clicking on a phishing link.

Insufficient Budgets are a Concern

Most healthcare organizations and business associates recognize the need to have adequate responses in place to deal with data breaches. And although there has been a small increase in investments to protect health information, 56 percent of healthcare organizations and 59 percent of business associates say additional resources are needed to make their efforts more effective.

Act NOW to Protect Your Assets

With criminal interest in profitable health care data increasing and a calculated 125% increase in cyber-attacks over the past five years, it is more critical than ever for health care entities to conduct an initial or follow-up bona fide risk analysis.

Sign up for a personal guided tour of IRM|Pro™ – Clearwater’s Information Risk Management software.

  • Identify your most critical risks,
  • calculate a return on investment and
  • determine and act on an appropriate risk treatment.

It’s time to step up your game to protect your assets and your reputation!



Clearwater Compliance

Clearwater Compliance helps healthcare organizations ensure patient safety and improve the quality of care by safeguarding the confidentiality, integrity and availability of protected health information (PHI).

We have assisted more than 400 customers to operationalize and mature their information privacy, security, compliance and information risk management programs. And in the process, we are raising the bar for safeguarding PHI, protecting millions of Americans and driving real value for the organizations we support and the healthcare industry at large.