
Data Breaches Cost Healthcare Industry $7 Billion Annually

The Third Annual Benchmark Study on Patient Privacy and Data Security by the Ponemon Institute reports that healthcare organizations face an uphill battle to stop data breaches, according to an article from the International Business Times.

According to the Ponemon report, 94 percent of healthcare organizations surveyed suffered at least one data breach; 45 percent experienced more than five in the past two years.

Data breaches cost the U.S. healthcare industry an average of $7 billion annually.

The report also notes that 69 percent of organizations surveyed do not secure medical devices – including mammogram imaging and insulin pumps – which hold patients’ protected health information (PHI).


Additional findings include:

  • 54 percent of organizations have little to no confidence that they can detect all patient data loss or theft.
  • The average impact of a data breach is $1.2 million per organization.
  • Causes of data breach cited were loss of medical equipment (46 percent), employee errors (42 percent), third-party snafu (42 percent), criminal attack (33 percent) and technology glitches (31 percent).
  • More than half of healthcare organizations (52 percent) had cases of medical identity theft, and 39 percent of those say it resulted in inaccuracies in the patient’s medical record and 26 percent say it affected the patient’s medical treatment.
  • 81 percent of organizations permit employees to use their own mobile devices (BYOD), but 54 percent of organizations are not confident that these personally-owned devices are secure.
  • 91 percent of hospitals surveyed are using cloud-based services, including to store patient records, patient billing information and financial information. Yet, 47 percent of organizations lack confidence in the cloud’s data security.
  • Over the past year, 36 percent of healthcare organizations have made improvements in privacy and security programs in response to the threat of audits conducted by the U.S. Department of Health and Human Services Office for Civil Rights, the press release notes.
  • 48 percent of organizations are conducting security risk assessments, but only 16 percent are conducting privacy risk assessments.
  • 73 percent have insufficient resources to prevent and detect data breaches.
  • 67 percent don’t have controls to prevent or quickly detect medical identity theft.

Rick Kam, president and co-founder of ID Experts – the commissioner of the survey – has five recommendations for healthcare organizations:

  1. Operationalize pre-breach and post-breach processes, including incident assessment and incident response processes
  2. Restructure the information security function to report directly to the board to symbolize commitment to data privacy and security
  3. Conduct combined privacy and security compliance assessments annually
  4. Update policies and procedures to include mobile devices and cloud
  5. Ensure the Incident Response Plan (IRP) covers business associates, partners and cyber insurance
