Survey: Provider data breaches on the rise

USB, privacy, security, patient data, record - 82.64 Kb
Despite increasing compliance with patient data security provisions of the HITECH Act and HIPAA, healthcare organizations are experiencing more security breaches that are costing them more money, according to Ponemon Institute research.

“On average, it is estimated that data breaches cost benchmarked organizations $2.2 million,” researchers wrote in Ponemon’s second annual report on patient privacy and data security. “This represents an increase of $183,526 from the 2010 study despite healthcare organizations’ increased compliance with federal regulations.”

The December research report, which is sponsored by IT security services firm ID Experts and based on survey responses from 72 healthcare organizations, revealed that 96 percent of respondents experienced a data breach that involved the loss or theft of patient data. Lost or stolen computers were responsible for 49 percent of data breach incidents reported.

Other key findings included:
  • Inadequate budget was frequently cited as an organization’s primary security weakness, with 54 percent of respondents placing it among their organization’s top two weaknesses. Insufficient assessments for trained staff joined inadequate budget atop the list of security weaknesses.
  • Fewer than half of respondents were confident with their organization’s ability to detect patient data loss or theft, with 33 percent of respondents reporting little confidence and 24 percent reporting no confidence.
  • Despite increased smartphone use among healthcare professionals, 49 percent of respondents reported that their organizations did nothing to protect mobile devices.
  • Twenty-five percent of respondents said that their organizations did not have specific employees or departments dedicated to patient data protection.

Ponemon researchers concluded the report with a brief overview of the current state of patient privacy and data security.

“In some areas, healthcare organizations are making improvements,” they wrote. “These include having more trained and knowledgeable employees who are better at detecting and reporting a data breach. Areas that are in need of improvement include the availability of enabling technologies.”

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.