Dive Brief:
- A new Ponemon Institute study on privacy and security found healthcare organizations have a high risk of data breaches through a 50/50 combination of criminal attacks and inside negligence.
- For the sixth year in a row, the organization found healthcare data breaches have been "consistently high" in volume, frequency, impact, and cost.
- Almost 90% of the healthcare organizations studied had been breached within the past two years, and 45% had been through more than five breaches during that time.
Dive Insight:
While healthcare cyberattacks and data breaches have become an increasingly high-profile issue over the past few years, healthcare organizations remain overwhelmingly negligent in the safe handling of patient information, often lacking the budget or expertise to keep up with evolving threats.
The Ponemon study suggested these breaches carry a combined price tag for the healthcare industry of $6.2 billion, noting the average cost of a breach for a covered entity is now more than $2.2 million. The average cost of a data breach for a surveyed business associate is more than $1 million.
Criminal attacks increased as the leading reason for data breaches in healthcare, from 45% in last year's report to 50% this year. Ransomware, malware, and denial-of-service (DoS) attacks are the three top threats currently facing healthcare organizations, Ponemon stated.
Meanwhile, preventable internal mistakes continue to be a problem, stemming from employee errors, third-party problems, and lost or stolen devices. A recent high-profile internal privacy and security incident came earlier this month when the American Dental Association (ADA), which serves more than 159,000 members, was doing damage control after finding it had accidentally mailed malware-infected USB thumb drives to member offices around the U.S. in late 2015.