Criminal attacks are the leading cause of data breaches in the health care industry, accounting for 50 percent of breaches in 2015, with mistakes, third-party glitches, and stolen computer devices making up the remainder, according to a report released today by Traverse City-based Ponemon Institute, a business research and consulting firm.
“In the last six years of conducting this study, it’s clear that efforts to safeguard patient data are not improving,” says Larry Ponemon, chairman and founder of the Ponemon Institute. “More health care organizations are experiencing data breaches now than six years ago. Negligence — sloppy employee mistakes and unsecured devices — was a noted problem in the first years of this research and it continues. New cyber threats, such as ransomware, are exacerbating the problem.”
Ponemon says data breaches are costing the health care industry $6.2 billion, and have yet to decline since 2010, despite a slight increase in awareness and spending on security technology. He says nearly half of health care organizations have little or no confidence that they can detect all patient data loss or theft.
The Ponemon report finds nearly 90 percent of health care organizations have experienced data breaches over the past two years, while nearly 80 percent of health care organizations have experienced multiple data breaches in the past two years, up 20 percent since 2010. Forty-five percent of health care organizations had more than five breaches.
He says ransomware is the newest cyber threat and concern this year, along with malware and denial-of-service (DoS) attacks. The study found that other top concerns to patient data are employee negligence, mobile device insecurity, use of cloud services, malicious insiders, and mobile apps.
Ponemon says despite the fact that health care organizations are aware of medical identity threat cases, more than 60 percent of the establishments don’t offer any protection services for victims whose information has been breached.
“The lack of accountability is a big issue in the health care industry, with a lot of finger pointing going on,” says Rick Kam, U.S. president and co-founder of ID Experts, the sponsor of the study and a provider of software for managing cyber risks and data breaches. “To get a better handle on internal data threats, health care organizations can start by getting back to basics with employee training, mobile device policies, regular data risk assessments, and enforceable internal procedures.”
The full report is called “The Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data.”