Ponemon Institute Releases Cyber Security Report


Online criminal attacks on U.S. hospitals’ medical data have doubled since 2010, putting patient records and personal information at risk, says a new study by the Ponemon Institute, a Traverse City-based firm that researches privacy, data protection, and information security policy.

In its recent report, the institute says 90 percent of respondents of health care institutions had at least one data breach in the last two years, while another 38 percent experienced more than five data breaches in the same time period. While many of these breaches resulted from lost or stolen computers, technical glitches, and third-party problems, several were due to criminal attacks. In fact, 40 percent of organizations reported incidents last year — a 100 percent increase since the first study four years ago, said Larry Ponemon, chairman and founder of the research company.

“The combination of insider-outsider threats presents a multi-level challenge, and healthcare organizations are lacking the resources to address this reality,” Ponemon said.

Employee negligence is considered to be the biggest security risk, with factors such as a lost laptop at the root of most data breaches, Ponemon said. Overall, 88 percent of health care organizations permit employees to use their own mobile devices to connect to their organization’s network, and 38 percent of hospitals don’t take steps to ensure the devices are secure or prevent them from accessing sensitive information.

Overall, data breaches, which most often involve lost or stolen billing and insurance records as well as medical files, now cost health care organizations $5.6 billion annually, down from $7 billion cited in the 2013 report.

The study also found nearly 70 percent of respondents believe the Affordable Care Act has increased security risks to patients because of inadequate protection. The concerns include insecure exchanges between health care providers and government (75 percent), insecure databases (65 percent), and insecure websites for patient registration (63 percent).

To read the full report, click here.