Data breach risk high for healthcare

Recent research shows that hospitals are at the highest risk for data breaches. The third annual benchmark study on patient privacy found that 45% of healthcare organizations have suffered more than five data breaches. This is an increase from 29% in 2010. In the majority of cases, 46%, the cause of the data breach was a lost or stolen computing device. Employee carelessness and business associate mistakes were tied for the second most likely cause.

Healthcare IT News put together a list of the top 10 healthcare data breaches of 2012, shown below:

Utah Department of Health          780,000
Emory Healthcare          315,000
S.C. Department of Health and Human Services          228,435
Alere Home Monitoring, Inc.          116,506
Memorial Healthcare System, Fla.          102,153
Howard University Hospital            66,601
Apria Healthcare            65,700
University of Miami            64,846
Safe Ride Services            42,000
Medical Integration services, Puerto Rico            36,609

As I move into 2013, health care organizations can help prevent data breaches by maintaining tight control over organizational computing assets containing Protected Health Information (PHI), since lost or stolen devices are the leading cause of breaches. They should also invest in employee security training and require higher security standards of business associates. Last but not least, HIPAA compliance is a must.

When a data breach or cyber security incident does occur, the impact can be minimized if clear direction for handling the breach has been given through incident response plans.  It is also important to know when to call for outside help.  Know providers of breach response services and computer forensic services and have their information at hand to minimize the scope and impact of a data breach or cyber security incident.

4 thoughts on “Data breach risk high for healthcare”

    • Mina,
      Plans and policies will help if they are properly constructed and followed by employees. Health care organizations will also need to ensure that business associates and others handling the data have and follow such policies and procedures as well.

      • This is pretty much the textbook case of misery loves company. If a million people get their data stolen, someone is going to do something about it without you needing to do something. If a hundred people get their data stolen, it’s probably up to you.
