The Definitive Blog

Protecting Patients: Data Breach Frequency, Causes, and Prevention

Definitive Healthcare’s Hospitals database, updated daily, provides detailed and historical information on hospital and health system data breaches at 8,000+ facilities.

In addition to the date, type of breach, location of the breach, and other key details, subscribers may view an approximation of the number of individuals involved, as well as a summary and/or associated news article.

A recently published article reports that the frequency of data breaches across organizations within the healthcare industry is higher than ever. A recent study by the Ponemon Institute and ID Experts reports that 91% of healthcare organizations have suffered a data breach in the past two years; 40% of these organizations have suffered more than five.

The causes of these data breaches vary. Among 9 of the latest data breaches this year, many were due to employee negligence, improper disposal of patient records, and/or lost and stolen devices. For example, 3,300 patients may have been affected by a large-scale data breach at Partners Healthcare (Boston, MA) earlier this year due to employee engagement with phishing emails.

As supported by this list of recent data breaches, researchers are also seeing an increase in criminal behavior and intelligence hacks as a leading cause. According to the study by Ponemon Institute and ID Experts, “half of all healthcare organizations have little or no confidence that they have the ability to detect patient data loss or theft, and more than half don’t believe their incident response process has adequate funding and resources.”

Regardless of the cause, the healthcare industry could be losing $6 billion each year from data breaches. In response to these startling statistics, healthcare providers are making wise investments to protect valuable patient information and save money. Carmine Clementelli, a security expert from PFU Systems, states that prevention is thought to be the “key to data security as it is to health.” In addition, Clementelli recommends that healthcare organizations undergo a “behavioral traffic analysis” to provide a self-assessment of their network’s security. Lastly, by leveraging new IT and managing existing applications, permission policies, and risk levels, providers may start to save money and protect their patients more effectively.

June 2, 2015