9 Out of 10 Healthcare Organizations Have Suffered a Data Breach Since 2010

Michael Scranton


Posted on January 04, 2017

Data Breach
Since 2010, healthcare has seen a 125% increase in criminal attacks on its digital patient data. In fact, according to a study by the Ponemon Institute, 91 percent of healthcare organizations have been hit by at least one data breach. What is surprising, however, is that human error is reported as the primary cause of data breaches. The study found that almost all successful cyber attacks can be traced back to one or more human errors.
Source: CIO.com

Attacks Now Leverage Security Gaps Created by Users

Cyber-criminals are well aware of the human error factor as a potential gateway into the systems they are targeting. Email, and phishing in particular, is therefore still a primary method of gaining access. Many systems continue to rely on detection as a form of prevention, and hackers take full advantage of this by sending emails that are unique enough to get around this surveillance and engaging enough to entice a recipient to open them. Attackers are also leveraging social networks to gain access through similar tactics.
Source: HealthDataManagement.com

Health IT Data Security Awareness Campaigns Can Reduce the Risk

Ransomware attacks are expected to continue growing in volume and diversifying in form in the coming years. While Chief Information Security Officers and Chief Medical Information Officers are working diligently to implement advanced systems and infrastructures to increase their Health IT security, awareness campaigns for staff may represent a cost-effective means of increasing data security for Covered Entities and Business Associates. A few potential areas to highlight in an awareness campaign for health IT data security are:

  1. Risks associated with accessing work documents from a non-HIPAA-compliant or personal email account
  2. Risks of accessing work documents or web-based systems from public Wi-Fi connections
  3. Proper protocol for handling email from unknown senders
  4. Handling of links and attachments in emails

With a well-implemented awareness campaign and organizational dedication to data governance, the work that health IT and software development teams are putting into securing patient data will lead to a reduced risk of breach and improved protection of the organization’s ePHI.

Michael Scranton


As Director of Business Development, Michael is passionate about helping healthcare systems successfully transition to value-based care.
