When it comes to healthcare data breaches, the healthcare industry still hasn’t found a cure.
According to the Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data, conducted by the Ponemon Institute on behalf of information security firm ID Experts, the majority of healthcare companies surveyed have experienced multiple data breaches.
The study also concluded that many organizations in the healthcare industry lack the resources to adequately respond to data breaches.
Based on the study, Ponemon estimates these breaches could be a drag on the healthcare industry to the tune of $6.2 billion. And the impact is as wide as it is deep: Nearly 90 percent of healthcare organizations in the study suffered a data breach in the past two years. A staggering 45% had more than five data breaches in that same period.
The study also found that, averaged over the previous two years, the cost of a data breach to a healthcare organization came to more than $2.2 million. Over the same period, business associates fared better, with a lower total of $1 million. “Despite this, about half of all organizations have little or no confidence that they can detect all patient data loss or theft. Although there’s been a slight increased investment over last year in technology, privacy and security budgets, and personnel with technical expertise, the majority of healthcare organizations still don’t have sufficient security budget to curtail or minimize data breach incidents,” the report states.
While an earlier Benchmark Study on Privacy and Security of Healthcare Data found that breaches were often caused by insiders or accidents, for the second year in a row, 50% of healthcare organizations say the nature of the breach was an external criminal attack.
Here are a few other notable highlights from the report:
Despite concerns about the vulnerability of these organizations to a data breach, budgets do not budge. Healthcare organizations report budgets have decreased (10%) or stayed the same (52%). Similarly, most business associates must deal with budgets that decrease (11%) or stay the same (50%).
Successful attacks targeting medical files and billing and insurance records increased. These contain the most valuable patient data and are most often successfully targeted (64% of respondents and 45% of respondents, respectively).
Billing and insurance records are at risk at business associates. In contrast to healthcare organizations, the records most often successfully targeted at business associates are billing and insurance records (56% of respondents). Also frequently lost or stolen are payment details (45% of respondents).
Healthcare organizations and business associates believe they are more vulnerable than other industries to a data breach. An overwhelming majority of healthcare organizations (69%) and business associates (63%) believe they are at greater risk than other industries for a data breach.
The top reasons for healthcare organizations are a lack of vigilance in ensuring their partners and other third parties protect patient information (51%) and not enough skilled IT security practitioners (44%). In contrast, business associates say their vulnerabilities are due to employees’ negligence in handling patient information (54%) and a lack of technologies to mitigate a data breach (50%).