An important shift
This week in health IT a report found a disturbing change regarding data breaches.
The leading cause of healthcare data breaches has shifted from accidental to intentional, according to the Ponemon Institute's fifth annual privacy and security report.
Ninety-one percent of healthcare organizations experienced one data breach in the last two years, 40 percent experienced more than five breaches and 39 percent experienced between two and five breaches, according to the findings.
This year is the first time in the report's five-year history that criminal cyberattacks were the leading cause of such breaches with criminal activity-related breaches increasing by 125 percent during the same time period.
Just one-third of respondents said they have a process for responding to data breach incidents, and most failed to perform security risk assessments. About half said they were not confident their organizations could detect all cases of patient data theft or loss. Respondents named a lack of resources or budget and inadequate expertise as the leading barriers to improving security.
Lassaad Fridhi, information privacy and security officer for Commonwealth Care Alliance, spoke about privacy and security at Medical Informatics World 2015 in Boston.
“Really watch and identify risks,” he said, because it “becomes more compelling to do something about problems. If you just look away, you’ve got a bigger problem.”
Examine your own environment, he said. “Conduct a history analysis. Learn from your past issues. Have a tally of what caused problems. Even if not a breach, worth learning from.” Providers should conduct risk analyses and gap analyses which is important to do because “you will see where you are in terms of regulations and with policies. When say you’re doing it, you better be doing it.”
Address the issues that led to your previous incidents, he said. Prioritize your assessment results and shrink the gaps.
Investigate all incidents and counter risky behavior, he advised. “Address root causes and document your actions. Don’t be an ostrich. Act and act quickly. Test and test again.”
Maybe we can go a week without reports of another healthcare breach?
Beth Walsh
Clinical Innovation + Technology editor
Editor
Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.