94 Percent of Healthcare Organizations Have Suffered a Data Breach, Report Finds | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

94 Percent of Healthcare Organizations Have Suffered a Data Breach, Report Finds

December 6, 2012
by Gabriel Perna
| Reprints

A new study from the Ponemon Institute has reaffirmed many likewise reports that healthcare industry is struggling to stop data breaches. The study, the Third Annual Benchmark Study on Patient Privacy & Data Security, said that 94 percent of healthcare organizations have suffered at least one data breach, while an astounding 45 percent of organizations have experienced more than five data breaches during the past two years.

The study’s authors have upped the personal cost to the healthcare industry from a previous estimate $6.5 billion to $7 billion annually. They also found 69 percent of organizations surveyed do not secure medical devices—such as mammogram imaging and insulin pumps—which hold patients' protected health information (PHI). Overall, the highest cause for data breaches, the researchers found, was loss of equipment (46 percent) followed by employee errors (42 percent). Meanwhile, of the more than half of those organizations that experienced medical identity theft, 39 percent say it resulted in inaccuracies in the patient's medical record and 26 percent say it affected the patient's medical treatment.

"Healthcare organizations face many challenges in their efforts to reduce data breaches," Larry Ponemon, Ph.D., chairman and founder, Ponemon Institute, said in a statement. "This is due in part to the recent explosion of employee-owned mobile devices in the workplace and the use of cloud computing services. In fact, many organizations admit they are not confident they can make certain these devices are secure and that patient data in the cloud is properly protected. Overall, most organizations surveyed say they have insufficient resources to prevent and detect data breaches."

The report also expressed doubt from healthcare organizations on the bring your own device (BYOD) movement. Fifty-four percent of organizations showed a lack of faith in their doctors bringing in their own device. The report also found 36 percent of organizations have made improvements in their privacy and security programs, in response to the threat of audits conducted by the U.S. Department of Health and Human Services Office for Civil Rights. However, while 48 percent of organizations are conducting annual security assessments, 73 percent still have insufficient resources to prevent and detect data breaches.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



MGMA: Physician Compensation Data Illustrates Nationwide PCP Shortage

Primary care physicians’ compensation rose by more than 10 percent over the past five years, representing an increase which is nearly double that of specialty physicians’ compensation over the same period, according to the Medical Group Management Association (MGMA).

Circulation, Buoy Health Collaborate on Integrated Platform for Patient Transportation

Boston-based startup Circulation Health, a ride-ordering exchange that coordinates medical transportation logistics using Lyft and other transportation partners, is partnering with Buoy Health, also based in Boston, to integrate their platforms to provide patients with an end-to-end healthcare experience.

HITRUST Provides NIST Cybersecurity Framework Certification

The Health Information Trust Alliance (HITRUST), security and privacy standards development and accreditation organization, announced this week a certification program for the National Institute of Standards and Technology's (NIST) Cybersecurity Framework (Framework).

Report: Interoperability in NHS England Faces Similar Barriers as U.S. Healthcare

Electronic patient record interoperability in NHS England is benefiting patient care, but interoperability efforts are facing barriers, including limited data sharing and cumbersome processes falling outside of the clinician workflow, according to a KLAS Research report.

Geisinger National Precision Health Hires Illumina Exec to Lead Business Development

Integrated health system Geisinger has hired a high-profile genetic counselor to head up business development for Geisinger National Precision Health, which was created to extend the Geisinger model on the national scene.

$30M VC Fund Launched to Spur Innovation in Cardiovascular Care

The American Heart Association, together with Philips and UPMC, has announced the launch of Cardeation Capital, a $30 million collaborative venture capital fund designed to spur healthcare innovation in heart disease and stroke care.