News Feature | May 25, 2015

Breaches Cost Healthcare $6 Billion Annually

By Katie Wike, contributing writer

Healthcare Data Breaches

A Ponemon Institute report indicates cyber criminals have increased their attacks on healthcare by 125 percent, costing the industry $6 billion annually.

Six billion dollars. That’s the estimated price healthcare is paying annually as a result of cyber-attacks, and the industry is facing an ever-increasing number of them year over year. According to a report from the Ponemon Institute, Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data, such attacks increased by 125 percent just since 2010.

“We are seeing a shift in the causes of data breaches in the healthcare industry, with a significant increase in criminal attacks. While employee negligence and lost/stolen devices continue to be primary causes of data breaches, criminal attacks are now the number-one cause,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute, in a press release. “Since first conducting this study, healthcare providers are starting to make investments to protect patient information, which need to keep pace with the growing cyber threats.”

Healthcare IT Security reports the average cost of a data breach for healthcare organizations is estimated to be more than $2.1 million. The average cost of a data breach to business associates (BAs) is reported at more than $1 million. Additionally:

  • 45 percent of CEs (covered entities) said the cause of the data breach was a criminal attack
  • 12 percent of CEs said it was due to a malicious insider
  • 39 percent of BAs (business associates) said a criminal attacker caused the breach
  • 10 percent of BAs reported it was because of a malicious insider

In addition,

  • 58 percent of CEs reported that policies and procedures are in place to effectively prevent or quickly detect unauthorized patient data access, loss or theft
  • 49 percent said they had sufficient technologies in place
  • 53 percent of CE respondents said they have staff members with the necessary technical expertise to identify and resolve data breaches

“A breach is a breach, no matter how small. Whether 5,000,000, 5,000, or 50 individuals are affected, the impact to each and every person is a big deal,” said Rick Kam, CIPP/US, president and co-founder of ID Experts. “How many more individuals could be at risk due to unreported data breaches?”