94 Percent of Healthcare Organizations Have Suffered a Data Breach, Report Finds | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

94 Percent of Healthcare Organizations Have Suffered a Data Breach, Report Finds

December 6, 2012
by Gabriel Perna
| Reprints

A new study from the Ponemon Institute has reaffirmed many likewise reports that healthcare industry is struggling to stop data breaches. The study, the Third Annual Benchmark Study on Patient Privacy & Data Security, said that 94 percent of healthcare organizations have suffered at least one data breach, while an astounding 45 percent of organizations have experienced more than five data breaches during the past two years.

The study’s authors have upped the personal cost to the healthcare industry from a previous estimate $6.5 billion to $7 billion annually. They also found 69 percent of organizations surveyed do not secure medical devices—such as mammogram imaging and insulin pumps—which hold patients' protected health information (PHI). Overall, the highest cause for data breaches, the researchers found, was loss of equipment (46 percent) followed by employee errors (42 percent). Meanwhile, of the more than half of those organizations that experienced medical identity theft, 39 percent say it resulted in inaccuracies in the patient's medical record and 26 percent say it affected the patient's medical treatment.

"Healthcare organizations face many challenges in their efforts to reduce data breaches," Larry Ponemon, Ph.D., chairman and founder, Ponemon Institute, said in a statement. "This is due in part to the recent explosion of employee-owned mobile devices in the workplace and the use of cloud computing services. In fact, many organizations admit they are not confident they can make certain these devices are secure and that patient data in the cloud is properly protected. Overall, most organizations surveyed say they have insufficient resources to prevent and detect data breaches."

The report also expressed doubt from healthcare organizations on the bring your own device (BYOD) movement. Fifty-four percent of organizations showed a lack of faith in their doctors bringing in their own device. The report also found 36 percent of organizations have made improvements in their privacy and security programs, in response to the threat of audits conducted by the U.S. Department of Health and Human Services Office for Civil Rights. However, while 48 percent of organizations are conducting annual security assessments, 73 percent still have insufficient resources to prevent and detect data breaches.



Community Data Sharing: Eight Recommendations From San Diego

A learning guide focuses on San Diego’s experience in building a community health information exchange and the realities of embarking on a broad community collaboration to achieve better data sharing.

HealthlinkNY’s Galanis to Step Down as CEO

Christina Galanis, who has served as president and CEO of HealthlinkNY for the past 13 years, will leave her position at the end of the year.

Email-Related Cyber Attacks a Top Concern for Providers

U.S. healthcare providers overwhelmingly rank email as the top source of a potential data breach, according to new research from email and data security company Mimecast and conducted by HIMSS Analytics.

Former Health IT Head in San Diego County Charged with Defrauding Provider out of $800K

The ex-health IT director at North County Health Services, a San Diego County-based healthcare service provider, has been charged with spearheading fraudulent operations that cost the organization $800,000.

Allscripts Touts 1 Billion API Shares in 2017

Officials from Chicago-based health IT vendor Allscripts have attested that the company has reached a new milestone— one billion application programming interface (API) data exchange transactions in 2017.

Dignity Health, CHI Merging to Form New Catholic Health System

Catholic Health Initiatives (CHI), based in Englewood, Colorado, and San Francisco-based Dignity Health officially announced they are merging and have signed a definitive agreement to combine ministries and create a new, nonprofit Catholic health system.