Healthcare data breaches on the rise, with potential $7B price tag
A new report shedding light on the challenges data breaches pose for the healthcare industry finds that the annual number of breaches continues to trend upward, and also could come with a nearly $7 billion price tag.
Conducted by privacy research firm Ponemon Institute, the third annual "Benchmark Study on Patient Privacy and Data Security," examines the fiscal and economic consequences of data breaches in conjunction with up-and-coming security trends, such as those relating to mobile devices.
Among the most compelling findings outlined in the report is data showing that breaches are, indeed, increasing. Some 94 percent of hospitals have experienced data breaches over the past two years, with medical files, billing and insurance records accounting for the majority of them.
But what's even more striking, say Ponemon officials, is that nearly half of hospitals (45 percent) have seen more than five data breaches at their organization – this in comparison to the 29 percent that had more than five data breaches in 2010.
The financial consequences of industry data breaches are also glaring. Researchers estimated the average economic impact of healthcare data breaches represented in the report at $2.4 million – up $400,000 from 2010's study.
The 2012 annual financial impact, the researchers say, is much more alarming.
"It cost the U.S. healthcare industry $6.87 billion to respond to these breaches," says Rick Kam, president and co-founder of ID Experts. "To put that into context, last year we talked about the fact that the U.S. federal government invested $6 billion, roughly, to cancer research, to basically eradicate cancer. Well, we're spending more on data breaches to respond to them than on cancer research."
Moreover, the top causes for data breaches, officials say, are completely and entirely avoidable, with loss of equipment accounting for 46 percent and employee errors at 42 percent. Criminal attacks (33 percent) and technology glitches (31 percent) were also commonly reported by hospitals.
Although desktops and laptop computers continue to account for the majority of stolen or lost devices, mobile technologies are on a steep incline. "What we also found that is kind of interesting is that the major source of data breaches on lost or stolen devices, and definitely on the rise, are tablets," said Larry Ponemon, chairman and co-founder of Ponemon Institute. "Last year tablets represented about 7 percent of all lost or stolen devices; this year, it's 18 percent, so it's more than double."