Welcome!

Agile Computing Authors: Darren Anstee, Peter Silva, Roger Strukhoff, Elizabeth White, Liz McMillan

News Feed Item

Ninety-Four Percent of Hospitals Surveyed Suffered Data Breaches; Estimated Cost to Healthcare Industry Averages $7 Billion

Errors and Cyber Attacks Are Culprits; Mobile and Cloud Threats Loom; Patients at Risk for Medical Identity Theft

TRAVERSE CITY, Mich. and PORTLAND, Ore., Dec. 6, 2012 /PRNewswire/ -- The Third Annual Benchmark Study on Patient Privacy & Data Security by Ponemon Institute, sponsored by ID Experts®, reports that healthcare organizations face an uphill battle in their efforts to stop data breaches. Ninety-four percent of healthcare organizations surveyed suffered at least one data breach; 45 percent of organizations experienced more than five data breaches during the past two years. Data breaches are an ongoing operational risk that could be costing the U.S. healthcare industry an average of $7 billion annually. A new finding indicates that 69 percent of organizations surveyed do not secure medical devices—such as mammogram imaging and insulin pumps—which hold patients' protected health information (PHI). Overall, the research indicates that patients and their PHI are at increased risk for medical identity theft. Risks to patient privacy are expected to increase, as mobile and cloud technology become pervasive. For a free copy of the Third Annual Benchmark Study on Patient Privacy & Data Security, visit http://www2.idexpertscorp.com/ponemon2012/. For the infographic, visit http://www2.idexpertscorp.com/ponemon2012/Infographic/.

(Photo: http://photos.prnewswire.com/prnh/20121206/SF24406-INFO)

Click to Tweet: 94 Percent of Hospitals Suffered #DataBreach; Cost to Healthcare Averages $7 Billion #HIPAA #Ponemon via @IDExperts http://bit.ly/UssmAO

Key Findings of the Research

  • Data breaches in healthcare are growing.

Ninety-four percent of hospitals in this study suffered data breaches during the past two years. Information breached is largely medical files and billing and insurance records. According to the research, 54 percent of organizations have little or no confidence that they can detect all patient data loss or theft. Based on the experience of the 80 healthcare organizations participating in this research, the resulting cost to the U.S. healthcare industry could be $6.87 billion, up from 2011. The average impact of a data breach is $1.2 million per organization.

  • Patients and their information are at risk for medical identity theft.

The causes of data breach cited were loss of equipment (46 percent), employee errors (42 percent), third-party snafu (42 percent), criminal attack (33 percent), and technology glitches (31 percent). More than half of healthcare organizations (52 percent) had cases of medical identity theft. Of the 52 percent of organizations that experienced medical identity theft, 39 percent say it resulted in inaccuracies in the patient's medical record and 26 percent say it affected the patient's medical treatment.

  • Technology trends threaten current landscape.

Mobile devices in the workplace pose threats to patients' PHI. Eighty-one percent of healthcare organizations permit employees to use their own mobile devices—commonly called Bring Your Own Device (BYOD)—often to access organization data. Yet 54 percent of organizations are not confident that these personally owned mobile devices are secure. Another technology threat gaining steam is cloud computing. Ninety-one percent of hospitals surveyed are using cloud-based services; many use cloud services to store patient records, patient billing information, and financial information. Yet, 47 percent of organizations lack confidence in the data security of the cloud.

  • Organizations are taking steps to detect data breaches, but majority lack budget and resources.

This past year, 36 percent of healthcare organizations have made improvements in their privacy and security programs, in response to the threat of audits conducted by the U.S. Department of Health and Human Services Office for Civil Rights. While 48 percent of organizations are now conducing security risk assessments, only 16 percent are conducting privacy risk assessments. Yet, 73 percent still have insufficient resources to prevent and detect data breaches. And 67 percent of organizations don't have controls to prevent and/or quickly detect medical identity theft.

"Healthcare organizations face many challenges in their efforts to reduce data breaches," said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. "This is due in part to the recent explosion of employee-owned mobile devices in the workplace and the use of cloud computing services. In fact, many organizations admit they are not confident they can make certain these devices are secure and that patient data in the cloud is properly protected. Overall, most organizations surveyed say they have insufficient resources to prevent and detect data breaches."

Data Breaches Are a Part of "Doing Business"
"The trend continues: data breaches are increasing, patient information is at risk, yet healthcare organizations continue to follow the same processes," said Rick Kam, president and co-founder of ID Experts. "Clearly, in order for the trend to shift, organizations need to commit to this problem and make significant changes. Otherwise, as the data indicates, they will be functioning in continual operational disruption."

Recommendations for Healthcare Organizations
Kam offers five recommendations for healthcare organizations:

  1. Operationalize pre-breach and post-breach processes, including incident assessment and incident response processes
  2. Restructure the information security function to report directly to the board to symbolize commitment to data privacy and security
  3. Conduct combined privacy and security compliance assessments annually
  4. Update policies and procedures to include mobile devices and cloud
  5. Ensure the Incident Response Plan (IRP) covers business associates, partners, cyber insurance

Free Webinar to Discuss Research Findings
A free webinar Are Emerging Technologies Putting Your Patient Data at Risk?, featuring the Ponemon Institute and Providence Health & Services, will be held Thursday, December 6, 2012 at 1:00 p.m. ET. To register, visit http://bit.ly/UILqao.

About the Study
The Third Annual Benchmark Study on Patient Privacy & Data Security utilized in-depth, field-based research involving interviews with senior-level personnel at healthcare providers to collect information on the actual data loss and data theft experiences at their organizations. This benchmark research, in contrast to a traditional survey-based approach, enables researchers to collect both the qualitative and quantitative data necessary to understand the current status of patient privacy and data security in the healthcare organizations that participated in the study.

About Ponemon Institute
Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.

About ID Experts
ID Experts delivers complete data breach care. The company's solutions in data breach prevention, analysis and response are endorsed by the American Hospital Association, meet regulatory compliance and achieve the most positive outcomes for its customers. ID Experts is a leading advocate for privacy as a contributor to legislation, a corporate and active member in both the IAPP and HIMSS, a corporate member of HCCA and chairs the ANSI Identity Management Standards Panel PHI Project. For more information, join the LinkedIn All Things HITECH discussion at bit.ly/AllThingsHITECH or All Things Data Breach at http://linkd.in/TsbwgJ; follow ID Experts on Twitter @IDExperts; and visit http://www2.idexpertscorp.com/.

Note to Media:
Please visit the media resource site at http://www2.idexpertscorp.com/ponemon2012/Media-Resources-Ponemon-2012/. To schedule an interview with Rick Kam or Dr. Larry Ponemon, please contact [email protected].

SOURCE ID Experts; Ponemon Institute

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
SYS-CON Events announced today that Pulzze Systems will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Pulzze Systems, Inc. provides infrastructure products for the Internet of Things to enable any connected device and system to carry out matched operations without programming. For more information, visit http://www.pulzzesystems.com.
SYS-CON Events announced today that Commvault, a global leader in enterprise data protection and information management, has been named “Bronze Sponsor” of SYS-CON's 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Commvault is a leading provider of data protection and information management solutions, helping companies worldwide activate their data to drive more value and business insight and to transform moder...
Fact is, enterprises have significant legacy voice infrastructure that’s costly to replace with pure IP solutions. How can we bring this analog infrastructure into our shiny new cloud applications? There are proven methods to bind both legacy voice applications and traditional PSTN audio into cloud-based applications and services at a carrier scale. Some of the most successful implementations leverage WebRTC, WebSockets, SIP and other open source technologies. In his session at @ThingsExpo, Da...
SYS-CON Events announced today that Bsquare has been named “Silver Sponsor” of SYS-CON's @ThingsExpo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. For more than two decades, Bsquare has helped its customers extract business value from a broad array of physical assets by making them intelligent, connecting them, and using the data they generate to optimize business processes.
Almost two-thirds of companies either have or soon will have IoT as the backbone of their business in 2016. However, IoT is far more complex than most firms expected. How can you not get trapped in the pitfalls? In his session at @ThingsExpo, Tony Shan, a renowned visionary and thought leader, will introduce a holistic method of IoTification, which is the process of IoTifying the existing technology and business models to adopt and leverage IoT. He will drill down to the components in this fra...
The vision of a connected smart home is becoming reality with the application of integrated wireless technologies in devices and appliances. The use of standardized and TCP/IP networked wireless technologies in line-powered and battery operated sensors and controls has led to the adoption of radios in the 2.4GHz band, including Wi-Fi, BT/BLE and 802.15.4 applied ZigBee and Thread. This is driving the need for robust wireless coexistence for multiple radios to ensure throughput performance and th...
Enterprise IT has been in the era of Hybrid Cloud for some time now. But it seems most conversations about Hybrid are focused on integrating AWS, Microsoft Azure, or Google ECM into existing on-premises systems. Where is all the Private Cloud? What do technology providers need to do to make their offerings more compelling? How should enterprise IT executives and buyers define their focus, needs, and roadmap, and communicate that clearly to the providers?
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
There is little doubt that Big Data solutions will have an increasing role in the Enterprise IT mainstream over time. Big Data at Cloud Expo - to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA - has announced its Call for Papers is open. Cloud computing is being adopted in one form or another by 94% of enterprises today. Tens of billions of new devices are being connected to The Internet of Things. And Big Data is driving this bus. An exponential increase is...
Digital innovation is the next big wave of business transformation based on digital technologies of which IoT and Big Data are key components, For example: Business boundary innovation is a challenge to excavate third-party business value using IoT and BigData, like Nest Business structure innovation may propose re-building business structure from scratch, as Uber does in the taxicab industry The social model innovation is also a big challenge to the new social architecture with the design fr...
DevOps at Cloud Expo, taking place Nov 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 19th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long dev...
Data is an unusual currency; it is not restricted by the same transactional limitations as money or people. In fact, the more that you leverage your data across multiple business use cases, the more valuable it becomes to the organization. And the same can be said about the organization’s analytics. In his session at 19th Cloud Expo, Bill Schmarzo, CTO for the Big Data Practice at EMC, will introduce a methodology for capturing, enriching and sharing data (and analytics) across the organizati...
IoT is fundamentally transforming the auto industry, turning the vehicle into a hub for connected services, including safety, infotainment and usage-based insurance. Auto manufacturers – and businesses across all verticals – have built an entire ecosystem around the Connected Car, creating new customer touch points and revenue streams. In his session at @ThingsExpo, Macario Namie, Head of IoT Strategy at Cisco Jasper, will share real-world examples of how IoT transforms the car from a static p...
The many IoT deployments around the world are busy integrating smart devices and sensors into their enterprise IT infrastructures. Yet all of this technology – and there are an amazing number of choices – is of no use without the software to gather, communicate, and analyze the new data flows. Without software, there is no IT. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will look at the protocols that communicate data and the emerging data analy...
SYS-CON Events announced today that China Unicom will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. China United Network Communications Group Co. Ltd ("China Unicom") was officially established in 2009 on the basis of the merger of former China Netcom and former China Unicom. China Unicom mainly operates a full range of telecommunications services including mobile broadband (GSM, WCDMA, LTE F...
The Transparent Cloud-computing Consortium (abbreviation: T-Cloud Consortium) will conduct research activities into changes in the computing model as a result of collaboration between "device" and "cloud" and the creation of new value and markets through organic data processing High speed and high quality networks, and dramatic improvements in computer processing capabilities, have greatly changed the nature of applications and made the storing and processing of data on the network commonplace.
Video experiences should be unique and exciting! But that doesn’t mean you need to patch all the pieces yourself. Users demand rich and engaging experiences and new ways to connect with you. But creating robust video applications at scale can be complicated, time-consuming and expensive. In his session at @ThingsExpo, Zohar Babin, Vice President of Platform, Ecosystem and Community at Kaltura, will discuss how VPaaS enables you to move fast, creating scalable video experiences that reach your...
Big Data has been changing the world. IoT fuels the further transformation recently. How are Big Data and IoT related? In his session at @BigDataExpo, Tony Shan, a renowned visionary and thought leader, will explore the interplay of Big Data and IoT. He will anatomize Big Data and IoT separately in terms of what, which, why, where, when, who, how and how much. He will then analyze the relationship between IoT and Big Data, specifically the drilldown of how the 4Vs of Big Data (Volume, Variety,...
If you’re responsible for an application that depends on the data or functionality of various IoT endpoints – either sensors or devices – your brand reputation depends on the security, reliability, and compliance of its many integrated parts. If your application fails to deliver the expected business results, your customers and partners won't care if that failure stems from the code you developed or from a component that you integrated. What can you do to ensure that the endpoints work as expect...
The Internet of Things can drive efficiency for airlines and airports. In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect with GE, and Sudip Majumder, senior director of development at Oracle, will discuss the technical details of the connected airline baggage and related social media solutions. These IoT applications will enhance travelers' journey experience and drive efficiency for the airlines and the airports. The session will include a working demo and a technical d...