Medical Data Breaches Soar, According to Study

The Second Annual Benchmark Study on Patient Privacy and Data Security, conducted by the Ponemon Institute and sponsored by ID Experts, surveyed 72 healthcare organizations and found the average cost of data breaches to these organizations rose from $183,526 in 2010 to $2,243,700 in 2011. The absolute number of breaches is also increasing: up 32 percent year over year, with 96 percent of providers surveyed reporting at least one data breach in the past 24 months. Ponomon estimates data breaches could be costing the U.S. healthcare industry between $4.2 billion and $8.1 billion a year, or an average of $6.5 billion. The majority of breaches were not caused by sophisticated hacks or so-called advanced persistent threats. The survey found most were the result of employees losing or having their IT devices stolen or other unintentional, but ill-advised, employee actions. Shoddy security from partners and providers, including business associates, according to 46 percent of participants, was another significant reason. Also, the percentage of respondents who had breaches discovered by their patients dropped from 41 percent to 35 percent.