Criminals are going after information on the computer systems of healthcare payers and providers at an unprecedented rate, according to a new report from the Ponemon Institute, a research center that focuses on privacy, data protection and information security.
Since 2010, criminal theft of data from computers and servers operated by healthcare organizations have shot up 125 percent since 2010, and are now the No. 1 cause of healthcare data breaches. The information was reported in Ponemon’s “Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data.”
Ponemon says that data breaches take an annual toll of $6 billion on the healthcare industry. The average economic impact per healthcare organization is $2,134,800.
Ponemon defines a criminal attack as a “deliberate attempt to gain unauthorized access to sensitive information, usually to a computer system or network, resulting in compromised data.” Breaches can result from cyber-attacks, as well as theft of paper files or other criminal activity by people within the healthcare organization.
Because of the sensitive information they contain, medical files and billing and insurance records are top targets of criminals.
“We are seeing a shift in the causes of data breaches in the healthcare industry, with a significant increase in criminal attacks. While employee negligence and lost/stolen devices continue to be primary causes of data breaches, criminal attacks are now the number-one cause,” said Ponemon Institute Chairman and Founder Dr. Larry Ponemon. “Since first conducting this study, healthcare providers are starting to make investments to protect patient information, which need to keep pace with the growing cyber threats.”
Other key findings of the study include:
91% of healthcare organizations have had at least one data breach; 39% have experienced two to five data breaches; 40 percent have had more than five data breaches over the past two years.
45% of healthcare data breaches are the result of criminal activity.
78% of healthcare organizations have experienced web-borne malware attacks.