94 Percent of Healthcare Organizations Have Suffered a Data Breach, Report Finds

Dec. 7, 2012
A new study from the Ponemon Institute has reaffirmed many likewise reports that healthcare industry is struggling to stop data breaches. The study, the Third Annual Benchmark Study on Patient Privacy & Data Security, said that 94 percent of healthcare organizations have suffered at least one data breach, while an astounding 45 percent of organizations have experienced more than five data breaches during the past two years.

A new study from the Ponemon Institute has reaffirmed many likewise reports that healthcare industry is struggling to stop data breaches. The study, the Third Annual Benchmark Study on Patient Privacy & Data Security, said that 94 percent of healthcare organizations have suffered at least one data breach, while an astounding 45 percent of organizations have experienced more than five data breaches during the past two years.

The study’s authors have upped the personal cost to the healthcare industry from a previous estimate $6.5 billion to $7 billion annually. They also found 69 percent of organizations surveyed do not secure medical devices—such as mammogram imaging and insulin pumps—which hold patients' protected health information (PHI). Overall, the highest cause for data breaches, the researchers found, was loss of equipment (46 percent) followed by employee errors (42 percent). Meanwhile, of the more than half of those organizations that experienced medical identity theft, 39 percent say it resulted in inaccuracies in the patient's medical record and 26 percent say it affected the patient's medical treatment.

"Healthcare organizations face many challenges in their efforts to reduce data breaches," Larry Ponemon, Ph.D., chairman and founder, Ponemon Institute, said in a statement. "This is due in part to the recent explosion of employee-owned mobile devices in the workplace and the use of cloud computing services. In fact, many organizations admit they are not confident they can make certain these devices are secure and that patient data in the cloud is properly protected. Overall, most organizations surveyed say they have insufficient resources to prevent and detect data breaches."

The report also expressed doubt from healthcare organizations on the bring your own device (BYOD) movement. Fifty-four percent of organizations showed a lack of faith in their doctors bringing in their own device. The report also found 36 percent of organizations have made improvements in their privacy and security programs, in response to the threat of audits conducted by the U.S. Department of Health and Human Services Office for Civil Rights. However, while 48 percent of organizations are conducting annual security assessments, 73 percent still have insufficient resources to prevent and detect data breaches.

Sponsored Recommendations

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...

5 Strategies to Enhance Population Health with the ACG System

Explore five key ACG System features designed to amplify your population health program. Learn how to apply insights for targeted, effective care, improve overall health outcomes...

A 4-step plan for denial prevention

Denial prevention is a top priority in today’s revenue cycle. It’s also one area where most organizations fall behind. The good news? The technology and tactics to prevent denials...

Healthcare Industry Predictions 2024 and Beyond

The next five years are all about mastering generative AI — is the healthcare industry ready?