Criminal Attacks on Health Care Organizations Increased by 100%
March 13, 2014 in News
Although health care providers have improved their ability to control data breaches, criminal attacks on hospitals have increased by 100% since 2010, according to an annual study released Wednesday by the Ponemon Institute, Clinical Innovation Technology reports.
The Ponemon Institute’s “Fourth Annual Benchmark Study on Patient Privacy Data Security” was funded by ID Experts. For the survey, researchers interviewed 388 workers in compliance, IT, patient services and privacy at 91 health care organizations (Pedulli, Clinical Innovation Technology, 3/12).
The survey found that 40% of respondents reported a criminal data attack in the past year, which amounts to a 100% increase from Ponemon’s 2010 survey (McCann, Healthcare IT News, 3/12).
Meanwhile, 90% of respondents reported having at least one data breach in the past two years and 38% said they experienced at least five such incidents during the time period, down from 45% of organizations that last year reported five or more such incidents (Clinical Innovation Technology, 3/12).
Further, the survey showed that the average cost of a data breach for an organization declined by 17% since last year’s report to about $2 million over a two-year period. The report noted that data breaches cost the industry $5.6 billion annually, slightly down from previous years (Hall, FierceHealthIT, 3/12).
Larry Ponemon, founder of Ponemon Institute, attributed the decrease in the cost of health data breaches to organizations’ efforts to become more HIPAA-compliant in response to an uptick in audits by HHS’ Office for Civil Rights.
With regard to HIPAA compliance, the report found that:
- 51% of respondents said they are in full compliance with the updated HIPAA Omnibus Rule’s requirements for post-incident risk assessment; and
- 39% said their assessment process is ineffective and not consistent (Goedert, Health Data Management, 3/12).
When asked to identify their top security and privacy concerns:
- 75% of respondents cited employee negligence;
- 73% cited third-party business associates, such as IT service providers, claims processors and benefits management (Healthcare IT News, 3/11);
- 69% cited Affordable Care Act provisions (FierceHealthIT, 3/12); and
- 50% cited unsecured mobile devices (Healthcare IT News, 3/11).
When it comes to the ACA, the survey found that:
- 75% of respondents were concerned about insecure online health insurance exchanges;
- 65% were concerned about unprotected databases; and
- 63% were concerned about the website registration process (Sternstein, Nextgov, 3/12).