Report: Healthcare Industry Still Lagging Behind in Data Breach Protection | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Report: Healthcare Industry Still Lagging Behind in Data Breach Protection

December 5, 2012
by Gabriel Perna
| Reprints

The healthcare industry still lags behind in data security, the Frisco, Texas-based collaborative, the Health Information Trust Alliance (HITRUST) has deduced after an analysis of the industry’s response to data breaches from 2009 to the present. The report, “A Look Back: U.S. Healthcare Data Breach Trends,” analyzes every breach that has affected 500 or more individuals, and while there has been a decline in the number of breaches, the report says the industry’s susceptibility to various infiltrations has stagnated.

“By conducting and publicizing this analysis, we believe that over time we can facilitate a fundamental shift in the healthcare industry toward achieving a state of security and privacy that is on par with other leading industries,” Daniel Nutkis, CEO of HITRUST, said in a statement. “While the data itself is not terribly surprising, it does serve as a critical reminder of the education and improvement that still needs to occur across the industry, regardless of organization type and size.”

HITRUST, which is a collaboration of leaders in healthcare and IT security, is looking to implement a common security framework (CSF), which would give providers a framework that to can help them safely access, store or exchange personal health and financial information. In the report, HITRUST says there have been 495 breaches involving 21 million records at an estimated cost of $4 billion since 2009.  Hospitals and health systems, the report says, are one sect of the industry that has improved in reducing breaches, dropping the number of breaches affecting 500 or more 71 percent from 2010 to 2011.

 “We are seeing healthcare providers adopting the HITRUST CSF at a greater rate than other segments, which could be attributed to escalating pressures faced by this industry segment relating to the protection of health information,” Nutkis said. HITRUST also attributes Stage 1 of the meaningful use program, and the incentives tied to that regulatory act, in helping reduce this number. However, the report says, organizations with one-to-100 employees are still lagging behind and account for more than 60 percent of the breaches reported in the segment.

Another find from the report is that the number of hacking and malware infections is low, only accounting for a total of eight percent of the breaches. “Data we receive from other sources strongly indicates that U.S. healthcare organizations of all types are experiencing data loss due to viruses, attacks by cyber criminals, password sharing by clinicians, and the prevalence of vulnerabilities in electronic health record (EHR) technologies that are not communicated,” said Nutkis.

For an in-depth look into why data breaches are occuring and how leading organizations have dealth with them, check out Data Security 101: Avoiding the List from our September issue.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Epic Wins Labor Dispute in Closely Divided Supreme Court Decision

Epic Systems Corporation won a major labor-law ruling in the Supreme Court on Monday, centering around the extent of corporations’ right to force employees to sign arbitration agreements, and with a 5-4 ruling in its favor

Survey: Two-Thirds of Physician Practices Seeking Out Value-Based Care Consulting Firms

Most physician organizations are not prepared for the move to value-based care, and 95 percent CIOs of group practices and large clinics state they do not have the information technology or staff in-house needed to transform value-based care end-to-end, according to a recent Black Book Market Research.

Cumberland Consulting Buys LinkEHR, Provider of Epic Help Desk Services

Cumberland Consulting Group, a healthcare consulting and services firm, has acquired LinkEHR, which provides remote application support, including Epic help desk services.

Population Health Tool that Provides City-Level Data Expands to 500 Cities

A data visualization tool that helps city officials understand the health status of their population, called the City Health Dashboard, has now expanded to 500 of the largest cities in the U.S., enabling local leaders to identify and take action around the most pressing health needs in their cities and communities.

Trump will Nominate Acting VA Secretary Wilkie for Permanent Position

Just a day after the Department of Veterans Affairs (VA) and Cerner inked their $10 billion EHR (electronic health record) deal, President Trump said he would be nominating Acting VA Secretary Robert Wilkie for the permanent position.

ONC Names API Server Showdown Stage 2 Winner

The Office of the National Coordinator for Health Information Technology (ONC) has named 1UpHealth as the Stage 2 winner of the “Secure API Server Showdown” challenge.