The leading cause of healthcare data breaches is now crime, according to a new study published by the Ponemon Institute.
The Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data, published yesterday, offers an insight into the main causes of HIPAA breaches. The report allows covered entities to assess their own defenses and divert resources to deal with the biggest risks.
A survey of 90 healthcare organizations and 88 Business Associates was conducted between February 2015 and March 2015. Respondents were asked questions about the data breaches their organizations had suffered over the past 24 months.
Crime is the Leading Cause of Healthcare Data Breaches
According to the report, hacking and network server incidents are the leading causes of healthcare data breaches. Criminals are now targeting healthcare providers and insurers for the data they hold. The data shows that hacking of network servers and email accounts; malware; theft of devices containing PHI with intent to sell; phishing; and theft/data access by malicious insiders accounted for 45% of all healthcare data breaches. Criminal activity was found to have risen 125% in just five years and is the leading cause of healthcare data breaches by some distance.
“There is a real stimulus for criminal organizations that exist in Eastern Europe, Russia, China and Iran to go after and compromise these organizations to get access to that data,” says Rick Kan, Co-Founder of ID Experts and sponsor of the Ponemon Institute Study.
Only 10% of Healthcare Organizations have yet to Experience a HIPAA Data Breach
Only a few years back, the probability of suffering a data breach was relatively low. Now the probability of avoiding one is almost down to a single digit. The report shows that 90% of healthcare providers have suffered at least one data breach or security incident involving HIPAA-covered data over the past two years.
That figure may seem astonishing, but it hides the extent of the current cybersecurity problem. 39% of covered entities suffered between 2 and 5 HIPAA data breaches during that period and, alarmingly, 40% suffered more than five data breaches.
The reason for the increase is clear. Criminals can use PHI to commit fraud and obtain millions of dollars before being discovered, and healthcare organizations are a big temptation because they often hold medical records in the millions. When the records sell for between $50 and $60, a successful hack potentially means a very big payday for the thief.
Healthcare Industry Suffering Huge Losses Due to Crime
According to Ponemon data, the cost of a healthcare data breach is estimated to have been $2.1 million, based on the costs of data breaches suffered in the past 2 years. After assessing the number of reported data breaches, Ponemon researchers found that the average number of victims per data breach was 2,700.
The survey also asked respondents about the biggest perceived threats over the course of the next 12 months, and asked them to predict what would be the biggest cause of healthcare data breaches. Only 40% believed cyber security attacks were the biggest worry, perhaps indicating that they have already invested in measures to improve defenses against hackers.
The main worry, it would seem, is the area of data security that is the most difficult to manage and monitor. Employee negligence was seen to be one of the biggest threats, selected by 70% of respondents. 33% rated the cloud as a big area of concern.