January 07, 2016
Two new reports uncovered a few surprises about health data breaches – and underlined the fact that you can’t paint all data breaches with the same brush.
Protected Health Information (PHI) is highly coveted by today’s cyber criminals, said Suzanne Widup of Verizon, which released the 2015 Protected Health Information Data Breach Report. Detailed health records make it easier for criminals to commit identity theft and medical billing fraud.
Here is what research showed about healthcare security and data breaches:
Not just Healthcare Industries: The Verizon report showed that 90% of the industries studied have experienced health data breaches. In fact, many organizations outside of the healthcare sector collect protected health information (in employee records or wellness program data, for example). Another study, the State of Healthcare Information Security 2015 survey showed that business associates taking inadequate security precautions with PHI are a threat too.
By the Numbers: Verizon reviewed 1,931 incidents from 25 countries comprising at least 392 million patient records. But the total number of compromised records might be much higher – 24% of breached organizations did not provide the exact number of records involved. Verizon also reported that nearly half of the population of the U.S. has been impacted by breaches of PHI since 2009.
Physical Breaches the Most Common: The Verizon data showed that lost or stolen assets, privilege misuse, and miscellaneous errors such as information misplacement, disposal errors, and publishing mistakes, caused 86% of all breaches of PHI data.
People, not Hacks: The State of Healthcare survey showed that human error – and often insider misuse – was responsible for more breaches than hackers in healthcare. “We spend millions on new technology, countless hours on policy writing, and engage all stakeholders to enhance their awareness,” wrote Dr. John D. Halamka in a medcitynews.com post. “Yet, we’re as vulnerable as our most gullible employee.”
The Effect on Consumers: Researchers have noted that consumers are starting to withhold information from healthcare providers because they’re concerned there could be a data breach. This could have serious implications – such as a delay in diagnosing a communicable disease.
What are information security best practices for organizations that handle health information?
Today all industries must have a comprehensive document management process that protects PHI from document creation to document disposal.