According to a new Ponemon study sponsored by ID Experts, the Second Annual Benchmark Study on Patient Privacy and Data Security, healthcare breaches continue to rise. The frequency of data breaches was up 32% over the previous year, averaging four data breaches per healthcare organization. To further complicate matters, 55% of healthcare organizations say they have little or no confidence that they are able to detect all privacy incidents.
According to the survey, 41% of healthcare data breaches of protected health information (PHI) are caused by 'sloppy employee mistakes'. Other areas causing increased risk of breaches include not knowing where patient data is located, third-party mistakes, and lost or stolen data devices (49%).
As we saw with the previous study, healthcare organizations are doing little to protect mobile devices that are a source of many breaches. With so many devices being stolen, accounting for nearly half of all PHI data breaches, it is surprising that so few organizations are proactively protecting their mobile devices.
"Healthcare data breaches are an epidemic," said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. "These problems are a direct result of our national economy. Healthcare organizations—especially not-for-profit hospitals and small clinics—have thin margins, are trimming staff and resources and are lacking sufficient security and privacy budgets needed to adequately protect patients. I don't see this getting better anytime soon."
The data from the study suggests that data breaches could be costing the US healthcare industry $4.2 billion - $8.1 billion annually. In addition to costs, 29% believe their data breaches lead to cases of medical identity theft, a large increase over 2010 figures.