The Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data, compiled by Ponemon Institute on behalf of ID Experts, shows the evolution of healthcare data breaches that reflect the increased value of healthcare data. The reality is that healthcare data is so valuable now that cybercriminals have shifted their attacks to the healthcare industry, making criminal attacks the top threat to healthcare data. Though this sounds terrifying, the good news is that people, process and technology are still at the core of preventing these kinds of data breaches from happening.
The 2015 study expands beyond healthcare organizations to also include business associates, now covered under HIPAA, and offers a broader perspective on the entire healthcare industry. The research shows that security incidents are happening all the time in the healthcare industry, to organizations and business associates alike, but that organizations have little confidence in their ability to prevent or detect such incidents.
Key takeaways from the study:
The research indicates that not only are healthcare data breaches occurring at an alarming rate, they are also going undetected. Half of the healthcare organizations and business associates surveyed have little or no confidence they have the ability to detect all patient data loss or theft. The average impact of data breaches per organization is over $2 million, costing the industry over $6 billion per year. Healthcare can no longer afford the mistakes that lead to data breaches, nor the mistakes that allow them to go undetected.
Although cyberattacks now dominate in the healthcare industry, the root cause of these attacks is quite varied. Employee mistakes, phishing, stolen credentials, lost devices, improper behaviour, unpacked systems - these incidents, often caused by decisions or mistakes made by people, give opening to a cyber attack. Right now, 45% of data breaches at healthcare organizations are attributed to criminal attacks, while 43% are attributed to lost or stolen computing devices - the reality, however, is that a criminal attack works based on some other vulnerability, which may be tied back to employees in some way that remains undetected.
For more on how Absolute Software can aid in your healthcare data protection, in protecting data and supplying tools to detect security incidents, visit our website or read our recent article on the “Top Tips for Keeping Patients’ Healthcare Data Protected.”