Nearly 90 Percent of Healthcare Organizations Suffer Data Breaches, New Ponemon Study Shows

May 12, 2016 at 9:10 am

Criminal attacks from the outside and negligence from the inside continue to put patient data in the crossfire, the newly released Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data reveals. For the sixth year in a row, data breaches in healthcare are consistently high in terms of volume, frequency, impact, and cost. Nearly 90 percent of healthcare organizations represented in this study had a data breach in the past two years, and nearly half, or 45 percent, had more than five data breaches in the same time period.

Estimates based on the results of this study suggest that breaches could be costing the healthcare industry a walloping $6.2 billion. The average cost of data breaches for covered entities surveyed is now more than $2.2 million while average cost to business associates in the study is more than $1 million.

Once again, criminal attacks are the leading cause of data breaches in healthcare—50 percent for healthcare organizations, a five-percent increase from last year’s study. Internal problems such as mistakes—unintentional employee actions, third-party snafus, and stolen computing devices—account for the other half of data breaches. In 2016, ransomware, malware, and denial-of-service (DOS) attacks are the top cyber threats facing healthcare organizations.

The full report can be found at

Warmest regards,

Dr. Larry Ponemon
Chairman & Founder
Ponemon Institute