Skip to content Skip to navigation

94 Percent of Healthcare Organizations Have Suffered a Data Breach, Report Finds

December 6, 2012
by Gabriel Perna
| Reprints

A new study from the Ponemon Institute has reaffirmed many likewise reports that healthcare industry is struggling to stop data breaches. The study, the Third Annual Benchmark Study on Patient Privacy & Data Security, said that 94 percent of healthcare organizations have suffered at least one data breach, while an astounding 45 percent of organizations have experienced more than five data breaches during the past two years.

The study’s authors have upped the personal cost to the healthcare industry from a previous estimate $6.5 billion to $7 billion annually. They also found 69 percent of organizations surveyed do not secure medical devices—such as mammogram imaging and insulin pumps—which hold patients' protected health information (PHI). Overall, the highest cause for data breaches, the researchers found, was loss of equipment (46 percent) followed by employee errors (42 percent). Meanwhile, of the more than half of those organizations that experienced medical identity theft, 39 percent say it resulted in inaccuracies in the patient's medical record and 26 percent say it affected the patient's medical treatment.

"Healthcare organizations face many challenges in their efforts to reduce data breaches," Larry Ponemon, Ph.D., chairman and founder, Ponemon Institute, said in a statement. "This is due in part to the recent explosion of employee-owned mobile devices in the workplace and the use of cloud computing services. In fact, many organizations admit they are not confident they can make certain these devices are secure and that patient data in the cloud is properly protected. Overall, most organizations surveyed say they have insufficient resources to prevent and detect data breaches."

The report also expressed doubt from healthcare organizations on the bring your own device (BYOD) movement. Fifty-four percent of organizations showed a lack of faith in their doctors bringing in their own device. The report also found 36 percent of organizations have made improvements in their privacy and security programs, in response to the threat of audits conducted by the U.S. Department of Health and Human Services Office for Civil Rights. However, while 48 percent of organizations are conducting annual security assessments, 73 percent still have insufficient resources to prevent and detect data breaches.



AHRQ Developing New Patient Safety Surveillance Tool

With the aim of improving patient safety monitoring, the Agency for Healthcare Research and Quality (AHRQ) within the U.S. Department of Health and Human Services (HHS) is currently developing and testing an improved patient safety surveillance system.

Gates Foundation Awards $210M to UW's Population Health Initiative

The Bill and Melinda Gates Foundation is awarding $210 million to Seattle-based University of Washington’s Population Health Initiative, with the funds going toward the construction of a new building to serve as the initiative’s hub.

AHA Offers Interoperability Standards Recommendations to ONC

The American Hospital Association (AHA) has offered feedback to the ONC on the agency’s draft Interoperability Standards Advisory (ISA) that it issued in August.

Survey: Healthcare Orgs Not Taking Mobile Security Seriously Enough

More than half (56 percent) of healthcare professionals believe their organization could be doing more to educate employees on HIPAA compliance and the rules around sharing protected health information.

Mount Sinai’s Research Arm Using Data Analytics to Address Health Inequities

The Arnhold Institute for Global Health at the Icahn School of Medicine at Mount Sinai is partnering with DigitalGlobe to create the Health Equity Atlas Initiative (ATLAS), a platform that standardizes and maps population data in order to generate insights that address health inequities.

FDA, Hospitals Work to Improve Data Collection about Medical Devices

The U.S. Food and Drug Administration is looking to improve the way it works with hospitals to modernize and streamline data collection, specifically safety data, about medical devices.