A new study from the Ponemon Institute has reaffirmed many likewise reports that healthcare industry is struggling to stop data breaches. The study, the Third Annual Benchmark Study on Patient Privacy & Data Security, said that 94 percent of healthcare organizations have suffered at least one data breach, while an astounding 45 percent of organizations have experienced more than five data breaches during the past two years.
The study’s authors have upped the personal cost to the healthcare industry from a previous estimate $6.5 billion to $7 billion annually. They also found 69 percent of organizations surveyed do not secure medical devices—such as mammogram imaging and insulin pumps—which hold patients' protected health information (PHI). Overall, the highest cause for data breaches, the researchers found, was loss of equipment (46 percent) followed by employee errors (42 percent). Meanwhile, of the more than half of those organizations that experienced medical identity theft, 39 percent say it resulted in inaccuracies in the patient's medical record and 26 percent say it affected the patient's medical treatment.
"Healthcare organizations face many challenges in their efforts to reduce data breaches," Larry Ponemon, Ph.D., chairman and founder, Ponemon Institute, said in a statement. "This is due in part to the recent explosion of employee-owned mobile devices in the workplace and the use of cloud computing services. In fact, many organizations admit they are not confident they can make certain these devices are secure and that patient data in the cloud is properly protected. Overall, most organizations surveyed say they have insufficient resources to prevent and detect data breaches."
The report also expressed doubt from healthcare organizations on the bring your own device (BYOD) movement. Fifty-four percent of organizations showed a lack of faith in their doctors bringing in their own device. The report also found 36 percent of organizations have made improvements in their privacy and security programs, in response to the threat of audits conducted by the U.S. Department of Health and Human Services Office for Civil Rights. However, while 48 percent of organizations are conducting annual security assessments, 73 percent still have insufficient resources to prevent and detect data breaches.