Hospitals are the highest risk for data breaches

Recent research shows that hospitals are the highest risk for data breaches.  The third annual benchmark study on patient privacy found that 45% of healthcare organizations had suffered more than five data breaches.  This is an increase from 29% in 2010.  In the majority of cases, 46%, the cause of the data breach was a lost or stolen computing device.  Employee carelessness and business associate mistakes were tied for the second most likely cause.

Healthcare IT News put together a list of the top 10 healthcare data breaches of 2012 listed below:

As we move into 2013, healthcare organizations can help prevent data breaches by maintaining tight control over organizational computing assets containing Protected Health Information (PHI), since lost or stolen devices are the leading cause of breaches. They should also invest in employee security training and require higher security standards of business associates. Last but not least, HIPAA compliance is a must.

When a data breach or cybersecurity incident does occur, the impact can be minimized if clear direction for handling the breach has been given through incident response plans.  It is also important to know when to call for outside help.  Identify providers of breach response services and computer forensic services and have their information at hand to minimize the scope and impact of a data breach or cybersecurity incident.



About The Author


Eric Vanderburg

Eric Vanderburg is an author, thought leader, and consultant. He serves as the Vice President of Cybersecurity at TCDI and Vice Chairman of the board at TechMin. He is best known for his insight on cybersecurity, privacy, data protection, and storage. Eric is a continual learner who has earned over 40 technology and security certifications. He has a strong desire to share technology insights with the community. Eric is the author of several books and he frequently writes articles for magazines, journals, and other publications.

4 Comments

    1. Mina,
      Plans and policies will help if they are properly constructed and followed by employees. Health care organizations will also need to ensure that business associates and others handling the data have and follow such policies and procedures as well.

      1. This is pretty much the textbook case of misery loves company. If a million people get their data stolen, someone is going to do something about it without you needing to do something. If a hundred people get their data stolen, it’s probably up to you.
