Healthcare data breaches are on the rise, up 32% over last year. Though some may find this alarming, there is a school of thought that this is actually good news and that we are now identifying breaches that perhaps went unnoticed in the past. However, the fact remains that breaches are statistically on the rise, and many organizations fear they lack the infrastructure and budget to protect patient privacy.
The study found the reasons for growing data breaches in healthcare organizations to include:
- employee mistakes and sloppiness
- lost or stolen mobile computing devices
- unintentional employee action
- third-party error
On average, it is estimated that data breaches cost benchmarked organizations $2,243,700. This represents an increase of $183,526 from the 2010 study, despite healthcare organizations’ increased compliance with federal regulations. Respondents in the study noted relying less on an “ad hoc” process to prevent or detect data breach incidents and relying more on policies, procedures and security.
Additional loss considerations to healthcare organizations include:
- Productivity loss
- Brand or reputation diminishment
- Loss of patient goodwill
- Potential for patient churn
Countermeasures being put in place to improve year-over-year breach statistics:
- Employee training on policies and procedures governing information protection
- Evaluation of organization-wide protection procedures for mobile devices
- Enhancing the guidelines relative to privileged user and access governance of patient data
Conducted by Ponemon Institute and sponsored by ID Experts, the study utilized in-depth, field-based research involving interviews rather than a traditional survey-based approach.
Summary of the top findings:
- Over the last 24 months, 96% of organizations have had at least one data breach and, on average, organizations have had 4 data breach incidents, up from 3 cited in last year’s report.
- The average economic impact is approximately $2.2 million, up $200,000 over last year
- The average number of lost or stolen records per breach was 2,575 compared to last year’s average of 1,769
Top 3 causes of data breach:
- Lost or stolen computing devices
- Third-party error
- Unintentional employee action
Methods of detection:
- Employees are most often the group to detect the data breach, followed by audits and finally, by patient complaints
- The average time to notify data breach victims is approximately 7 weeks
- A year-over-year increase (10%) is shown in organizations implementing an electronic health record (EHR) system
What a patient can do:
- Sign up for an identity monitoring service that includes both credit monitoring and medical identity monitoring.
- Review explanation of benefits, insurance statements and medical summaries in detail.
- Use passwords strategically. Don’t use the same one for all devices and mix them up using letters, numbers and symbols.
- Stay alert to requests for personal data. Reputable organizations do not ask for this information over unsecured channels.
- Read your financial statements thoroughly.
- Freeze your credit or place a fraud alert on your credit (contact Equifax, Experian or TransUnion).
- Get a free credit report by going to www.annualcreditreport.com or calling 1-877-322-8228.
John Sileo is an award-winning author and speaks worldwide on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply results and increase performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Contact him on 800.258.8076 or learn more at ThinkLikeASpy.com.