Teaching hospitals at higher risk for data breaches, study finds
- While cybersecurity is a growing concern across the healthcare industry, large teaching hospitals are especially susceptible to big data breaches, according to a research letter published online in JAMA Internal Medicine.
- Using HHS data, researchers led by Ge Bai, assistant professor at the Johns Hopkins Carey Business School, discovered 1,798 data breaches from Oct. 21, 2009, to Dec. 31, 2016. Thirty-three hospitals reported more than one breach — many of them teaching hospitals.
- Of the 141 acute care hospitals that reported breaches to HHS, 52 were major academic medical centers. “Hospital size and major teaching status were positively associated with the risk of data breaches,” the authors conclude.
Topping the list of hospitals that were breached at least twice are Montefiore Medical Center and the University of Rochester Medical Center & Affiliates, each with four data breaches.
“The evolving landscape of breach activity, detection, management and response requires hospitals to continuously evaluate their risks and apply best data security practices,” the authors wrote. “Despite the call for good data hygiene, little evidence exists of the effectiveness of specific practices in hospitals. Identification of evidence-based effective data security practices should be made a research priority.”
The overall number of electronic records that were compromised in 2016 grew by 566% to more than 4 billion, from 600 million the pervious year, according to the IBM X-Force Threat Intelligence Index 2017. But healthcare, which suffered a brutal year in 2015, with nearly 100 million records leaked, was among those industries that saw improvement in 2016. Just 12 million personal health records were breached last year — an 88% drop from 2015.
With growing use of digital technologies, health data is increasingly at risk. About 80% of U.S. healthcare organizations responding to a recent Thales survey said they plan to increase data security spending in 2017. That’s not a bad idea as a report by information services group Experian predicted healthcare organizations would be the No. 1 target of cyberattacks this year.
Healthcare’s cybersecurity record is shaky. A report released in December by Tenable Network Security gave the industry a “D” for overall performance on cybersecurity, down from a “C” the previous year. And the Government Accountability Office has repeatedly urged federal agencies to ramp up cybersecurity efforts, particularly around EHRs and state-based insurance markets.
- JAMA Internal Medicine Hospital Risk of Data Breaches
- FierceHealthcare Academic medical centers most at risk for data breaches; Montefiore, Advocate top lists