Recent research shows that hospitals are the highest risk for data breaches.┬á The third annual benchmark study on patient privacy found that 45% of healthcare organizations have suffered more than five data breaches.┬á This is an increase from 29% in 2010.┬á In the majority of cases, 46%, the cause of the data breach was a lost or stolen computing device.┬á Employee carelessness and business associate mistakes were tied for the second most likely cause.
Healthcare IT News put together a list of the top 10 healthcare data breaches of 2012 listed below:
|Utah Department of Health||┬á┬á┬á┬á┬á┬á┬á┬á 780,000|
|Emory Healthcare||┬á┬á┬á┬á┬á┬á┬á┬á 315,000|
|S.C. Department of Health and Human Services||┬á┬á┬á┬á┬á┬á┬á┬á 228,435|
|Alere Home Monitoring, Inc.||┬á┬á┬á┬á┬á┬á┬á┬á 116,506|
|Memorial Healthcare System, Fla.||┬á┬á┬á┬á┬á┬á┬á┬á 102,153|
|Howard University Hospital||┬á┬á┬á┬á┬á┬á┬á┬á┬á┬á 66,601|
|Apria Healthcare||┬á┬á┬á┬á┬á┬á┬á┬á┬á┬á 65,700|
|University of Miami||┬á┬á┬á┬á┬á┬á┬á┬á┬á┬á 64,846|
|Safe Ride Services||┬á┬á┬á┬á┬á┬á┬á┬á┬á┬á 42,000|
|Medical Integration services, Puerto Rico||┬á┬á┬á┬á┬á┬á┬á┬á┬á┬á 36,609|
As I move into 2013, health care organizations can help prevent data breaches by maintaining tight control over organizational computing assets containing Protected Health Information (PHI) since this is the highest cause of breaches.┬á They should also be concerned with employee security training and requiring higher security standards of business associates.┬á Last but not least, HIPAA compliance is a must.
When a data breach or cyber security incident does occur, the impact can be minimized if clear direction for handling the breach has been given through incident response plans.┬á It is also important to know when to call for outside help.┬á Know providers of breach response services and computer forensic services and have their information at hand to minimize the scope and impact of a data breach or cyber security incident.