Welcome!

Artificial Intelligence Authors: Pat Romanski, Yeshim Deniz, Liz McMillan, Zakia Bouachraoui, Elizabeth White

News Feed Item

Ninety-Four Percent of Hospitals Surveyed Suffered Data Breaches; Estimated Cost to Healthcare Industry Averages $7 Billion

Errors and Cyber Attacks Are Culprits; Mobile and Cloud Threats Loom; Patients at Risk for Medical Identity Theft

TRAVERSE CITY, Mich. and PORTLAND, Ore., Dec. 6, 2012 /PRNewswire/ -- The Third Annual Benchmark Study on Patient Privacy & Data Security by Ponemon Institute, sponsored by ID Experts®, reports that healthcare organizations face an uphill battle in their efforts to stop data breaches. Ninety-four percent of healthcare organizations surveyed suffered at least one data breach; 45 percent of organizations experienced more than five data breaches during the past two years. Data breaches are an ongoing operational risk that could be costing the U.S. healthcare industry an average of $7 billion annually. A new finding indicates that 69 percent of organizations surveyed do not secure medical devices—such as mammogram imaging and insulin pumps—which hold patients' protected health information (PHI). Overall, the research indicates that patients and their PHI are at increased risk for medical identity theft. Risks to patient privacy are expected to increase, as mobile and cloud technology become pervasive. For a free copy of the Third Annual Benchmark Study on Patient Privacy & Data Security, visit http://www2.idexpertscorp.com/ponemon2012/. For the infographic, visit http://www2.idexpertscorp.com/ponemon2012/Infographic/.

(Photo: http://photos.prnewswire.com/prnh/20121206/SF24406-INFO)

Click to Tweet: 94 Percent of Hospitals Suffered #DataBreach; Cost to Healthcare Averages $7 Billion #HIPAA #Ponemon via @IDExperts http://bit.ly/UssmAO

Key Findings of the Research

  • Data breaches in healthcare are growing.

Ninety-four percent of hospitals in this study suffered data breaches during the past two years. Information breached is largely medical files and billing and insurance records. According to the research, 54 percent of organizations have little or no confidence that they can detect all patient data loss or theft. Based on the experience of the 80 healthcare organizations participating in this research, the resulting cost to the U.S. healthcare industry could be $6.87 billion, up from 2011. The average impact of a data breach is $1.2 million per organization.

  • Patients and their information are at risk for medical identity theft.

The causes of data breach cited were loss of equipment (46 percent), employee errors (42 percent), third-party snafu (42 percent), criminal attack (33 percent), and technology glitches (31 percent). More than half of healthcare organizations (52 percent) had cases of medical identity theft. Of the 52 percent of organizations that experienced medical identity theft, 39 percent say it resulted in inaccuracies in the patient's medical record and 26 percent say it affected the patient's medical treatment.

  • Technology trends threaten current landscape.

Mobile devices in the workplace pose threats to patients' PHI. Eighty-one percent of healthcare organizations permit employees to use their own mobile devices—commonly called Bring Your Own Device (BYOD)—often to access organization data. Yet 54 percent of organizations are not confident that these personally owned mobile devices are secure. Another technology threat gaining steam is cloud computing. Ninety-one percent of hospitals surveyed are using cloud-based services; many use cloud services to store patient records, patient billing information, and financial information. Yet, 47 percent of organizations lack confidence in the data security of the cloud.

  • Organizations are taking steps to detect data breaches, but majority lack budget and resources.

This past year, 36 percent of healthcare organizations have made improvements in their privacy and security programs, in response to the threat of audits conducted by the U.S. Department of Health and Human Services Office for Civil Rights. While 48 percent of organizations are now conducing security risk assessments, only 16 percent are conducting privacy risk assessments. Yet, 73 percent still have insufficient resources to prevent and detect data breaches. And 67 percent of organizations don't have controls to prevent and/or quickly detect medical identity theft.

"Healthcare organizations face many challenges in their efforts to reduce data breaches," said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. "This is due in part to the recent explosion of employee-owned mobile devices in the workplace and the use of cloud computing services. In fact, many organizations admit they are not confident they can make certain these devices are secure and that patient data in the cloud is properly protected. Overall, most organizations surveyed say they have insufficient resources to prevent and detect data breaches."

Data Breaches Are a Part of "Doing Business"
"The trend continues: data breaches are increasing, patient information is at risk, yet healthcare organizations continue to follow the same processes," said Rick Kam, president and co-founder of ID Experts. "Clearly, in order for the trend to shift, organizations need to commit to this problem and make significant changes. Otherwise, as the data indicates, they will be functioning in continual operational disruption."

Recommendations for Healthcare Organizations
Kam offers five recommendations for healthcare organizations:

  1. Operationalize pre-breach and post-breach processes, including incident assessment and incident response processes
  2. Restructure the information security function to report directly to the board to symbolize commitment to data privacy and security
  3. Conduct combined privacy and security compliance assessments annually
  4. Update policies and procedures to include mobile devices and cloud
  5. Ensure the Incident Response Plan (IRP) covers business associates, partners, cyber insurance

Free Webinar to Discuss Research Findings
A free webinar Are Emerging Technologies Putting Your Patient Data at Risk?, featuring the Ponemon Institute and Providence Health & Services, will be held Thursday, December 6, 2012 at 1:00 p.m. ET. To register, visit http://bit.ly/UILqao.

About the Study
The Third Annual Benchmark Study on Patient Privacy & Data Security utilized in-depth, field-based research involving interviews with senior-level personnel at healthcare providers to collect information on the actual data loss and data theft experiences at their organizations. This benchmark research, in contrast to a traditional survey-based approach, enables researchers to collect both the qualitative and quantitative data necessary to understand the current status of patient privacy and data security in the healthcare organizations that participated in the study.

About Ponemon Institute
Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.

About ID Experts
ID Experts delivers complete data breach care. The company's solutions in data breach prevention, analysis and response are endorsed by the American Hospital Association, meet regulatory compliance and achieve the most positive outcomes for its customers. ID Experts is a leading advocate for privacy as a contributor to legislation, a corporate and active member in both the IAPP and HIMSS, a corporate member of HCCA and chairs the ANSI Identity Management Standards Panel PHI Project. For more information, join the LinkedIn All Things HITECH discussion at bit.ly/AllThingsHITECH or All Things Data Breach at http://linkd.in/TsbwgJ; follow ID Experts on Twitter @IDExperts; and visit http://www2.idexpertscorp.com/.

Note to Media:
Please visit the media resource site at http://www2.idexpertscorp.com/ponemon2012/Media-Resources-Ponemon-2012/. To schedule an interview with Rick Kam or Dr. Larry Ponemon, please contact [email protected].

SOURCE ID Experts; Ponemon Institute

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

IoT & Smart Cities Stories
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
The standardization of container runtimes and images has sparked the creation of an almost overwhelming number of new open source projects that build on and otherwise work with these specifications. Of course, there's Kubernetes, which orchestrates and manages collections of containers. It was one of the first and best-known examples of projects that make containers truly useful for production use. However, more recently, the container ecosystem has truly exploded. A service mesh like Istio addr...
Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileged few developers to work with the original core team in Switzerland.
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...
Headquartered in Plainsboro, NJ, Synametrics Technologies has provided IT professionals and computer systems developers since 1997. Based on the success of their initial product offerings (WinSQL and DeltaCopy), the company continues to create and hone innovative products that help its customers get more from their computer applications, databases and infrastructure. To date, over one million users around the world have chosen Synametrics solutions to help power their accelerated business or per...
DXWorldEXPO LLC announced today that ICOHOLDER named "Media Sponsor" of Miami Blockchain Event by FinTechEXPO. ICOHOLDER gives detailed information and help the community to invest in the trusty projects. Miami Blockchain Event by FinTechEXPO has opened its Call for Papers. The two-day event will present 20 top Blockchain experts. All speaking inquiries which covers the following information can be submitted by email to [email protected] Miami Blockchain Event by FinTechEXPOalso offers sp...
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time t...
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...
SYS-CON Events announced today that IoT Global Network has been named “Media Sponsor” of SYS-CON's @ThingsExpo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. The IoT Global Network is a platform where you can connect with industry experts and network across the IoT community to build the successful IoT business of the future.