The Ponemon Institute found that 89% of all healthcare organizations have experienced a data breach of some sort.
Dr. Larry Ponemon, founder of the Ponemon Institute, said in the report, “In the last six years of conducting this study, it’s clear that efforts to safeguard patient data are not improving. More healthcare organizations are experiencing data breaches now than six years ago. Negligence—sloppy employee mistakes and unsecured devices—was a noted problem in the first years of this research and it continues. New cyber threats, such as ransomware, are exacerbating the problem.”
"The healthcare industry is viewed as a soft target," Ponemon added. "It's a perfect storm for insecurity and an opportunity for cybercriminals."
This new report is one of many that establish the healthcare industry as the most targeted group, surpassing the financial sector.
Here are some other key findings from the study:
Healthcare organizations are experiencing multiple data breaches each. 69% of healthcare organizations have experienced two or more data breaches. Nearly half have experienced more than 5 breaches. Cyber criminals are hammering organizations over and over again.
The most commonly exposed data are medical records. After that, billing and insurance records and payment details are commonly exposed. Medical records have become highly valuable on the black market because people purchase them in order to receive free medical care.
The majority of breaches are made up of 500 records. While this is relatively small in the scope of things, a data breach has the ability to damage the lives of victims. Rick Kam, founder of ID Experts, said, “A breach is a breach, no matter how small. Whether 5,000,000, 5,000, or 50 individuals are affected, the impact to each and every person is a big deal.” The majority of healthcare organizations don’t have a plan in place to assist patients who are affected by a data breach.
Data breaches are very expensive. The total financial impact of cybercrime on the healthcare industry is $6.2 billion. The average cost of one data breach is $2.2 million. For healthcare business associates that handle private medical data, a data breach will cost $1 million.
Criminal activity overtook employee negligence as the number one cause of data breaches for the second year in a row. “While employee negligence and lost/stolen devices continue to be primary causes of data breaches, criminal attacks are now the number-one cause,” Dr. Ponemon stated. Criminal attacks include Denial of Service attacks, malware, and the most popular attack of the year: ransomware.
Healthcare organizations are greatly concerned about employee negligence and Denial of Service (DoS) attacks. Recent data breaches in the news have caused healthcare organizations to change their own security practices, and the healthcare industry as a whole believes it is at more risk than any other industry. Despite this, security budgets remain stagnant.
Healthcare organizations rely on policies and procedures first to combat data breaches. 63% of respondents have policies in place to detect and respond to data breaches quickly. They tend to use technological solutions less often. Only 54% of respondents believe that their organization uses advanced technologies in order to “effectively prevent or quickly detect unauthorized patient data access, loss or theft.”