Crime now the leading cause of healthcare data breaches

The leading cause of healthcare data breaches has shifted from accident to intentional, according to the Ponemon Institute's fifth annual privacy and security report.

Ponemon surveyed 90 healthcare organizations and 88 business associates on privacy and security trends. The report was sponsored by ID Experts, a vendor of security software and services.

Ninety-one percent of healthcare organizations experienced one data breach in the last two years, 40 percent experienced more than five breaches and 39 percent experienced between two and five breaches, according to the findings.

This year is the first time in the report's five-year history that criminal cyberattacks were the leading cause of such breaches with criminal activity-related breaches increasing by 125 percent during the same time period.

Forty-five percent of respondents said criminal attacks were the root cause of their breaches but only 40 percent of healthcare security professionals said they were most concerned about cyberattacks compared with other potential security threats. Seventy percent said they were most worried about employee negligence. According to the report, 43 percent of respondents cited lost or stolen devices as the cause of breaches.

Before this year, the leading causes of data breaches have been employee negligence or incompetence and system glitches.

Unfortunately, just one-third of respondents said they have a process for responding to data breach incidents, and most failed to perform security risk assessments. About half said they were not confident their organizations could detect all cases of patient data theft or loss. Respondents named a lack of resources or budget and inadequate expertise as the leading barriers to improving security.

The report also noted that data breaches cost the healthcare industry about $6 billion each year, with about $2.1 million in costs per organization.

Read the report.