By Megan Williams, contributing writer
The bad news around security in healthcare continues, just after the announcement of Seton Health’s phishing scam attack.
HealthData Management has published the results of a Ponemon Institute study, and criminal activity gets the spotlight.
While laptop loss has always been an issue around healthcare security, criminal actors have driven the rate of attacks up 125 percent since 2010, making the category the number one security threat to healthcare organizations. Regarding the attacks, 45 percent of the reporting organizations indicated that the root cause of their data breach was a criminal attack, while malicious insiders were named by 12 percent of respondents. Larry Ponemon, chairman and founder of the institute, said, “We are seeing a shift in the causes of data breaches in the healthcare industry, with a significant increase in criminal attacks. While employee negligence and lost/stolen devices continue to be major causes of data breaches, criminal attacks are now the number-one cause.”
The impact of these breaches is mounting. Annually, they cost the industry $6 billion, with each affected organization facing a cost of more than $2 million. To compound all that, medical identity theft has also increased over the last five years, nearly doubling in frequency. That has meant an increase from 1.4 million affected individuals to 2.3 million in 2014.
Still, most organizations remain unprepared, despite the fact that all healthcare organizations are at risk for data breaches regardless of their size. Organizations should be acting, and the numbers support it.
According to the report, 91 percent of responding organizations had one breach, 39 percent had experienced from two to five breaches, and 40 percent had dealt with more than five breaches within the last two years. Still, two-thirds offered no protection for patients whose data had been breached.
For service providers working with healthcare clients to prevent breaches, suggestions like the ones mentioned in this article are recommended. They include:
- Identifying all key partners that impact organizational security
- Examining the processes around storage, processing, and transmission of sensitive data
- Understanding the roles and responsibilities of everyone in the organization
- Asking the tough questions around the strength (and weaknesses) of current security measures