MEASURING TRUST IN PRIVACY AND SECURITY
Ponemon Institute
Sign Up for the Ponemon News Feed for special reports and important updates regarding privacy and security

News & Updates


Criminal Attacks: The New Leading Cause of Data Breach in Healthcare

May 7, 2015, 9:00 am


The Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data, sponsored by ID Experts, shows that, for the first time, criminal attacks are the number-one root cause of healthcare data breaches. We calculated a 125 percent growth in these attacks over the last five years—a huge net change in any study. Employee negligence and lost or stolen devices still result in many data breaches, according to the findings. However, one of the trends we are seeing is a shift of data breaches—from accidental to intentional—as criminals are increasingly targeting and exploiting healthcare data. Cyber criminals recognize two critical facts about the healthcare industry: 1) healthcare organizations manage a treasure trove of financially lucrative personal information and 2) they do not have the resources, processes, and technologies to prevent and detect attacks and adequately protect healthcare data.

This year, we expanded the study beyond healthcare organizations to include business associates. This provides a broader and more holistic view of the healthcare industry and shows the impact third parties have on the privacy and security of healthcare data. With sensitive information flowing and new threats emerging daily, healthcare organizations and their business associates are at great risk for data breach. In fact, 91 percent of healthcare organizations and 59 percent of business associates experienced a data breach.
Since we began this study in 2010, we have seen a slight uptick in the investments healthcare organizations are making to protect healthcare information, but it is still not enough to address the rapidly changing cyber threat environment. Sadly, half of all healthcare organizations and business associates have little or no confidence that they have the ability to detect all patient data loss or theft.

The bottom line is that healthcare organizations and their business associates are a community of organizations that share vulnerable patient data—a community that provides a larger attack surface, and many points of access, for criminals who are becoming more adept at acquiring and exploiting personal information.
A complimentary copy of this study is available at www2.idexpertscorp.com/ponemon.


Categories
Security (23)
Privacy (22)
global security (1)
Providers (1)