The Ponemon Institute has released its annual report on the state of privacy and security of health data and found that for the second year running, cybercriminals are the main cause of healthcare data breaches.
This is the sixth year that the Ponemon Institute has compiled its privacy and security of health data report and the data show that cybercriminal attacks are increasing steadily. When the first report was published six years ago, 20% of data breaches were caused by cybercriminals. Last year, 45% of healthcare organizations reported that cybercriminals were the root cause of data breaches experienced in the preceding two years. This year the figure had increased to 50%.
Other major causes of data breaches were errors made by business associates, which were cited as having caused data breaches by 41% of respondents, and the theft and loss of portable devices. 39% of surveyed organizations reported having experienced a data breach due to the loss or theft of laptops and/or portable storage devices in the past two years.
In total, 89% of healthcare organizations reported having experienced a data breach in the past two years and 79% of organizations said they had experienced more than two data breaches over the same time frame.
Cybercriminal attacks may have caused the most breaches, although the biggest concern is employee negligence. 69% of healthcare organizations rated this as one of the major worries, while 45% of respondents said cyber-attacks were the leading concern.
The spate of ransomware attacks that have hit healthcare providers in the past few months is worrying healthcare organizations. 44% of respondents said they were worried about ransomware, although the biggest threat is perceived to be distributed denial of service attacks (DDoS), which was ranked as a major cybersecurity threat by 48% of organizations. Malware is also a cause for concern, rated as a major threat by 41% of organizations.
Ponemon calculated the average cost of resolving data breaches to be $2.2 million for healthcare providers and health plans, while business associate data breaches cost an average of $1 million to resolve. Healthcare data breaches are costing the healthcare industry approximately $6.2 billion.
Greater investment in cybersecurity defenses is needed to tackle the rising threat of cyberattacks. According to 56% of respondents, more funding and resources are needed to ensure their cybersecurity plans are effective.