Dive Brief:
- It has become increasingly obvious that healthcare data is valuable. It contains personal information that includes individuals' Social Security Numbers, one of the main components required for identity theft (though only about one-quarter of all data breaches result in identity theft).
- In 2013, the healthcare industry was responsible for nearly half of all major data breaches, and topped the Identity Theft Resource Center's list of industries targeted for the first time. Aside from the recent breach of 4.5 million medical records from Community Health Systems, the U.S. Department of Health and Human Services has tracked 944 incidents that have affected about 30.1 million people. Most of those were due to theft.
- Data breaches cost the healthcare industry an estimated $5.6 billion annually. Still, only about 69% of organizations have a data breach plan in place, according to a 2013 survey of health security staff.
Dive Insight:
Billions of dollars have been thrown at healthcare providers to adopt EHRs and it looks like the next area of concentration is going to be focused on keeping all of that data secure. The industry has seemingly adopted technology more quickly than it has been able to safeguard it.
In 2013, Riverside Health System in Virginia reported a breach that had been going on unnoticed for a year. The organization then didn't have current contact information for all of those affected by the breach, showing not only problems with data security, but with the reporting process as well. Hospitals seem particularly susceptible to breaches because of all of the layers of people in contact with the information. And as the breaches get larger and more frequent, the industry will only become more vulnerable to fines and media scrutiny.
Want to read more? You may enjoy this story on the recent massive data break at Community Health Systems; or this story about the FBI's private industry notification to the healthcare industry.