Skip to content Skip to navigation

Report: Healthcare Data Breaches Expected to Increase in 2015

December 8, 2014
by Rajiv Leventhal
| Reprints

Data breaches in healthcare are expected to increase in 2015 due to potential economic gain and digitization of records, according to Experian’s 2015 Second Annual Data Breach Industry Forecast.

According to the report, increased movement to electronic medical records (EMRs), and the introduction of wearable technologies introduced millions of individuals into the healthcare system, and, in return increased, the potential for data breaches.

Healthcare organizations face the challenge of securing a significant amount of sensitive information stored on their network, which combined with the value of a medical identity string, makes them an attractive target for cybercriminals. The problem is further exasperated by the fact that many doctors’ offices, clinics and hospitals may not have enough resources to safeguard their patients’ protected health information (PHI). In fact, an individual’s Medicare card — often carried in wallets for doctors’ visits — contains valuable information like a person’s Social Security number (SSN) that can be used for fraud if in the wrong hands. Although the report’s authors note that they are not aware of any federal or law enforcement agency which tracks data on SSN theft from Medicare cards, the problem is widely acknowledged.

As such, the report estimates that the potential cost of breaches for the healthcare industry could be as much as $5.6 billion annually. It also referenced a Ponemon Institute survey that found that 72 percent of healthcare organizations say they are only somewhat confident (32 percent) or not confident (40 percent) in the security and privacy of patient data shared on health information exchanges (HIEs).

What’s more, it predicted that this year, in light of recent breaches, several states are likely to adopt new standards that expand the definition of personal data to include email and password information and non- Health Insurance Portability and Accountability Act (HIPPA) related health data, such as health insurance policy numbers and subscriber identification numbers. Under these proposals, the expanded definition of personal data could trigger breach notices in more frequent circumstances.

“Healthcare organizations will need to step up their security posture and data breach preparedness or face the potential for scrutiny from federal regulators. Reported incidents may continue to rise as electronic medical records and consumer-generated data adds vulnerability and complexity to security considerations for the industry,” the report’s authors concluded.




CMS Hospital Compare Website Updated with VA Data

The Centers for Medicare & Medicaid Services (CMS) has announced the inclusion of Veterans Administration (VA) hospital performance data as part of the federal agency’s Hospital Compare website.

CMS Awards Funding to Special Innovation Projects

The Centers for Medicare & Medicaid Services (CMS) has awarded 20, two-year Special Innovation Projects (SIPs) aimed at local efforts to deliver better care at lower cost.

Center of Excellence in Genomic Science to be Established in Chicago

The National Human Genome Research Institute has awarded $10.6 million over five years for the establishment of a new research center in Chicago to advance genomic science.

EHNAC and HITRUST Combine HIPAA Security Criteria, CSF Framework

The Electronic Healthcare Network Accreditation Commission (EHNAC) and the Health Information Trust Alliance (HITRUST) announced plans to streamline their accreditation and certification programs.

Halamka on MACRA Final Rule: “CMS is Listening and I Thank Them”

Health IT notable expert John Halamka, M.D., CIO of Beth Israel Deaconess Medical Center in Boston, recently weighed in on the Medicare Access and CHIP Reauthorization Act (MACRA) final rule.

Texas Patient Care Clinic Hit with Ransomware Attack

Grand Prairie, Texas-based Rainbow Children's Clinic was the victim of a ransomware attack on its IT systems in August, affecting more than 33,000 patients, according to multiple news media reports this week.