Report cites criminal attacks as primary cause of healthcare data breaches
In the fifth annual Ponemon Institute privacy and security report, cyber attacks were listed as the top cause of healthcare breaches. Officials studied privacy and security trends for healthcare covered entities and their business associates. Over the course of the five years Ponemon has been publishing its annual breach report, criminal activity has grown 125 percent. Officials at the institute discovered 69 percent of healthcare organizations uncovered the breach via an audit or assessment. Forty four percent were discovered by an employee, while another 30 percent were found after a patient complained.
Ponemon stated, “Historically, the main cause of the data breach was the negligence or incompetence or system glitches within the organization, not necessarily criminal activity. This year, criminal activity was the number one cause.” Forty-five percent of respondents in the report claimed criminal attacks were directly responsible for the organization’s breach. Lost or stolen computing devices ranked second at 43 percent. Despite criminal attacks being the most significant threat, just 40 percent of healthcare security professionals are primarily concerned worried cyber attackers. Rather, employee negligence was of greatest concern at 70 percent.
The report also shed light on the astounding amount of breaches that healthcare organizations experience, with 40 percent of respondents reporting five or more breaches in the past two years. The average cost of dealing with these breaches is $2.1 million per organization, collectively costing the industry $6 billion per year. According to Ponemon, healthcare organizations have inadequate funding and resources for incident response to handle the rise in breaches, as stated by 56 percent of healthcare organizations and 59 percent of BAs.
WGA has set up a Data Breach Information Center on our website in light of the recent data breaches sweeping the healthcare industry, most recently CareFirst. Also be sure to check out WGA’s Cyber Risk Hub, an online platform for all of the insurance industry, designed to be a resource to provide a better understanding of the increasing risks resulting from breaches of information and network security.
About the Author
Travis Burgoyne is a Client Executive at WGA and a member of WGA’s Property and Casualty Group, working with emerging high technology and life sciences companies. He acts as an outsourced Risk Manager advising his clients on risk mitigation tactics, contract review, regulatory compliance, and risk transfer options.