Criminal attacks on the healthcare industry have increased 125% since 2010, making these attacks the leading cause of data breaches in the industry, according to the Ponemon Institute’s Fifth Annual Benchmark Study on Privacy & Security of Healthcare, sponsored by ID Experts®. The goal of the study is to determine what organizations are doing to protect the privacy and security of PHI and what challenges they may face in doing so, according to Dr. Larry Ponemon, chairman and founder of the Ponemon Institute.
The study reports on the responses of 90 covered entities (CE), and for the first time includes responses from 88 business associates (BA). The Ponemon Institute conducts as many as 20 separate interviews with each CE and BA involved in the study, Dr. Ponemon says.
Although criminal attacks have been highlighted in the annual study for five years, 2015 marks the first year that these attacks were listed as the top cause of data breaches. Nearly half (45%) of healthcare organizations surveyed listed criminal attacks as the top cause of data breaches, compared to 39% of BAs. Medical identity theft not only has financial repercussions but also has the potential to compromise the accuracy of patients’ records, which can ultimately harm the patient, says Rick Kam, CIPP/US, president and co-founder of ID Experts.
More than 90% of CEs surveyed experienced a data breach, and more than 40% experienced one within the last five years. More specifically, 65% of CEs said they experienced security incidents within the last two years involving the exposure, theft, or misuse of electronic information. The majority of respondents (96% of CEs and 95% of BAs) have experienced an incident involving lost or stolen devices. The study revealed that the average cost of a breach at a healthcare organization is more than $2.1 million, whereas the average cost for BAs is more than $1 million.