Survey: Provider data breaches on the rise
“On average, it is estimated that data breaches cost benchmarked organizations $2.2 million,” researchers wrote in Ponemon’s second annual report on patient privacy and data security. “This represents an increase of $183,526 from the 2010 study despite healthcare organizations’ increased compliance with federal regulations.”
The December research report, which is sponsored by IT security services firm ID Experts and based on survey responses from 72 healthcare organizations, revealed that 96 percent of respondents experienced a data breach that involved the loss or theft of patient data. Lost or stolen computers were responsible for 49 percent of data breach incidents reported.
Other key findings included:
- Inadequate budget was frequently cited as an organization’s primary security weakness, with 54 percent of respondents placing it among their organization’s top two weaknesses. Insufficient assessments for trained staff joined inadequate budget atop the list of security weaknesses.
- Fewer than half of respondents were confident with their organization’s ability to detect patient data loss or theft, with 33 percent of respondents reporting little confidence and 24 percent reporting no confidence.
- Despite increased smartphone use among healthcare professionals, 49 percent of respondents reported that their organizations did nothing to protect mobile devices.
- Twenty-five percent of respondents said that their organizations did not have specific employees or departments dedicated to patient data protection.
Ponemon researchers concluded the report with a brief overview of the current state of patient privacy and data security.
“In some areas, healthcare organizations are making improvements,” they wrote. “These include having more trained and knowledgeable employees who are better at detecting and reporting a data breach. Areas that are in need of improvement include the availability of enabling technologies.”