Healthcare Data Breaches: The Gap Between Awareness & Readiness

by Our Thought Leaders 05/26/2016


Editor’s Note: D’Arcy Guerin Gue is a co-founder of Phoenix, with over 25 years of experience in executive leadership, strategic planning, IT services, knowledge leadership, and industry relations, with a special focus on patient engagement and federal compliance issues. She currently serves as the Director of Industry Relations at Phoenix Health Systems, a division of Medsphere Systems.

You may be suffering from IT security fatigue at this point, for which I offer a half-hearted apology.

Yes, only half-hearted, because the numbers say healthcare is aware of various security threats but still remains vulnerable, making it imperative that the subject stay top of mind until patient data is reliably protected.

For example, the Sixth Annual Benchmark Study on Privacy and Security of Healthcare Data, published earlier this month, offers interesting perspectives on both healthcare organizations and business associates.

For this ID Experts-sponsored study, The Ponemon Institute engaged 91 covered entities (health plans, healthcare clearinghouses, healthcare providers) and 84 business associates (BAs) like healthcare IT companies. Given that business associates often have access to patient data, it’s appropriate that this study and future research projects include partners not involved in actual provision of care.

A review of the Benchmark Study reveals some overarching themes and messages that may prove valuable to healthcare providers and business associates.

Data breaches are common and happening more frequently.

You know this already, right? Probably, but the frequency suggests that only the really big breaches make it into the healthcare IT press.

In the last two years, 89 percent of healthcare organizations and 61 percent of BAs experienced at least one breach that resulted in a loss of patient data. In that same time period, 45 percent of healthcare organizations had more than five breaches and 28 percent of BAs had more than two.

“The annual economic impact of a data breach has risen over the past six years, as has the frequency of data breaches,” the report reads. “Criminal attacks and internal threats are the leading cause of data breaches.”

Employees are both your strongest asset and greatest liability.

How do your employees at all levels feel about working there? How well trained are they in all aspects of their jobs? Are you aware of any particularly disgruntled employees?

Where once these were primarily questions for human resources, now they are highly relevant to the security of your operation.

When asked what type of security incident they most fear, a majority of both healthcare organizations (69 percent) and BAs (53 percent) identified employee negligence and carelessness.

These percentages remain roughly the same as last year, even while the most common cause of data breaches with healthcare organizations—fully 50 percent—is criminal attacks. Among BAs, an unintentional employee action (55 percent) is still the manner by which patient data is most often compromised.

What may provide some comfort for both healthcare organizations and BAs is that a malicious insider (13 and 6 percent, respectively) is not often the cause of lost patient information.

While concerns about employee carelessness might be more statistically relevant for BAs than healthcare organizations, in both entities the gap between negligence and malice represents an opportunity to make employees the first and most effective line of defense.

Indeed, for most BAs (58 percent), data breaches were discovered by employees. On the healthcare organization side, audits (74 percent) most often received credit for data breach recognition, with employee detection second at 47 percent.

Healthcare organizations and BAs recognize that employees are essential to better security. Both entities said better training, as well as more effective policies and procedures, were the most effective ways to combat loss of patient data.

Data security spending and organizational preparation are still not where they need to be.

All of healthcare IT is aware of cyberattacks and the potential danger of losing patient data, and yet IT budgets remain stuck. Among healthcare organizations, 62 percent say their budget for incident response has either decreased (10 percent) or stayed the same (52 percent).

There remains a gap, Ponemon says, between awareness and funding.

“Recent big healthcare data breaches have increased the healthcare industry’s awareness of the growing threats to patient data, resulting in more focus on their security practices and implementing the appropriate policies and procedures, however the research indicates that it is not enough to curtail or minimize data breaches. According to the findings, half of these organizations still don’t have the people or the budget to detect or manage data breaches.”

Perhaps most disconcerting is that while 60 percent of healthcare organizations and 54 percent of BAs assess their organizational vulnerabilities, the overwhelming majority do so on either an annual (41 and 35 percent, respectively) or ad hoc (43 and 35 percent) basis.

Data breach insurance is becoming a standard part of providing healthcare.

The information on data breach insurance from the Ponemon study is interesting and somewhat curious. In the study group, one-third of healthcare organizations and 29 percent of BAs are insured against data breaches and cyberattacks. Of that group, a majority of both healthcare organizations (57 percent) and BAs (52 percent) purchased up to $5 million in coverage.

What do these numbers say about healthcare and preparation for cyberattacks? For one thing, we know that healthcare organizations and BAs are both concerned about liability; the coverage most frequently provided (just north of 70 percent for both groups) by the selected data breach policies is legal defense.

Other than that, it’s hard to draw any definitive conclusions based on the figures alone. On an individual basis, some organizations may find it more affordable to insure than fully prepare. Others may pursue both strategies.

It does seem clear that most of healthcare is under no illusions about how well prepared the industry is for hackers and cyberattacks. When asked why healthcare has a bullseye on its back, healthcare organization respondents said quite clearly that the industry is not doing enough, offering these perspectives:

– 51 percent: Healthcare organizations are not vigilant in ensuring their partners and other third parties protect patient information.

– 44 percent: Healthcare organizations are not hiring enough skilled IT security practitioners.

– 41 percent: Healthcare organizations are not investing in technologies to mitigate a data breach.

The rise in cyberattacks puts many healthcare organizations in a difficult spot. Millions have already been spent on IT systems and security, and in many ways and for many providers, it simply isn’t enough. Insurance is one way to guard against disaster, but more successful attacks will lead to higher premiums, making vigilance and adequate preparation the only realistic option.  
