
Healthcare Data In Critical Condition

New study shows data breaches up and costing healthcare industry billions of dollars a year, with employees, mobile devices the weakest links

Dec 01, 2011 | 09:01 PM

By Kelly Jackson Higgins
Dark Reading
A new report taking the pulse of the healthcare industry finds that data breaches have jumped more than 30 percent and could be costing the industry an average of $6.5 billion annually.

The new Ponemon Institute "2011 Benchmark Study on Patient Privacy and Data Security," commissioned by ID Experts, found that employee error is one of the main reasons for data breaches in hospitals and healthcare providers. Hospitals and healthcare providers suffered an average of four data breaches in the past year, according to the report.

But the jump in breaches is, in part, due to better detection capabilities by healthcare organizations, says Larry Ponemon, chairman and founder of the Ponemon Institute. "It was not too surprising that the rate of data loss increased … [But] we think that finding may not be as negative as it appears, and could be a discovery-rate increase with more control and governance practices and use of enabling technologies."

Another big factor in data loss, however, is the explosion in mobile devices in the healthcare field. Some 80 percent employ these devices for gathering, transmitting, and storing patient information, but half are not securing them. While these devices help patient care, they also pose a major risk of exposure for the patient's health and other personal information, Ponemon says.

"With all of the focus around HIPAA and HITECH [Act] and security, it surprised me to see these organizations would allow the deployment of those devices [unsecured]," says Rick Kam, president of ID Experts. "It's like people driving the Indy 500 without seatbelts."

Among the top reasons for breaches: nearly half were stolen or lost computing or data devices, and 46 percent were due to third-party provider mistakes. Another problem is knowing just where patient data resides: Sixty-one percent say they are "not confident" they know where all patient data is being stored. More than half aren't sure they can detect incidents of data exposure.

More than 80 percent of hospitals have written policies for data breach reporting, but nearly 60 percent say the policies are ineffective. More than 40 percent say administrative employees are least cognizant of the need for protecting patient information.

Nearly 30 percent say the breaches they suffered resulted in medical identity theft -- a more than 25 percent increase over 2010.

A full copy of the report is available here for download.
