According to a recent study by the Ponemon Institute, 45 percent of healthcare organizations suffered more than five data breaches over the past two years, and about nine out of ten fell victim to a cyberattack, computer theft, employee mistake or some other kind of data breach during the same period. And that’s just healthcare. The data most commonly exposed in healthcare data breaches is medical records, followed by billing, insurance records, and payment details.
DATA BREACH STATISTICS FOR HEALTHCARE ORGANIZATIONS
The numbers are startling, particularly considering the extremely high security standards that have been established for those dealing with health data. Consider these statistics from the past two years cited by the study:
- 50 percent of healthcare organizations and 41 percent of healthcare business associates have been the victim of criminal attacks
- 79 percent of healthcare organizations have experienced two or more data breaches
- 34 percent of healthcare organizations experienced two to five breaches
- 89 percent of provider organizations have been breached
- 45 percent of provider organizations have been breached more than five times
- 64 percent of healthcare organizations and 67 percent of business associates provide no service for those whose information has been compromised by a breach
DATA BREACH PREPARATION NOT IMPROVING
What is most worrying of all is that the numbers reflect a lack of improvement over the last several years, indicating a remarkable lack of preparation on the part of the organizations involved in the survey. According to Larry Ponemon, chairman and founder of the Ponemon Institute, “The healthcare industry has been under attack for years, and despite all of that these organizations are just not making investments in security or they’re making investments that lag other industries such as financial services.”
When asked, 59 percent of the provider organizations and 60 percent of business associates indicated that their budget is not robust enough to provide the protections needed. These companies will likely regret not making the appropriate investment, as the cost of breaches now exceeds $6.2 billion per year, with an average cost of $2.2 million per covered entity, and more than $1 million for business associates.
Healthcare information management professionals are urging that better information sharing and best practices be put in place. Says Russell Branzell, president and CEO of the College of Healthcare Information Management Executives, “The cyber threat landscape has never been more dangerous. To better safeguard our systems, we must improve information sharing across the industry.” He touts healthcare-specific provisions that were included in the Cybersecurity Information Sharing Act of 2015, which would create a framework for cybersecurity focused specifically on healthcare. The act would also create a series of best practices regarding health information security, including guidelines for the destruction of hard drives and electronic records.
E-Waste Security provides onsite hard drive shredding and data destruction, as well as computer recycling and disposal that has been certified by NAID and is compliant with HIPAA, PCI DSS and NIST 800-88 data destruction guidelines. To learn more about how we can help your organization improve your security measures, contact us today.