The Best Medicine: Data Protection in the Healthcare Industry

The threat of data breaches continues to grow for the healthcare industry. In 2021, there were 472 healthcare information security breaches with confirmed data disclosure. Shred-it’s 2021 Data Protection Report found that 56% of healthcare organizations surveyed have experienced a data breach and almost a third of healthcare organizations surveyed experienced a data breach in 2021.

This growing threat affects healthcare organizations from a financial and regulatory perspective. IBM’s 2021 Cost of a Data Breach Survey found that data breaches in the healthcare industry cost on average $9.23 million, the most expensive of any industry and nearly $4 million more than the average cost of a data breach in the financial services industry, which ranked second. The funds lost to data breach recovery, which includes costs of legal fees, internal and external communications, assessments, and more, could be used to support and recruit healthcare staff, provide better amenities for patients, or even promote hospital sustainability initiatives.

A data breach can also put organizations at risk of potentially violating the Health Insurance Portability and Accountability Act (HIPAA), if personal health information (PHI) is exposed. Under HIPAA, covered healthcare organizations are required to disclose data breaches involving PHI that affects 500 individuals or more, in addition to other reporting requirements they may be subject to under state laws. Data breaches can lead to lawsuits, lost patients, and negative press coverage.

Data breaches can threaten not only sensitive patient data but also healthcare employee data. This can damage the trust between healthcare employees and their organizations, which could worsen the current healthcare staffing crisis.

Given the high financial and legal stakes of a data breach in the healthcare industry, organizations should take steps to help ensure the integrity of the healthcare facility’s private information and protect patients’ sensitive data. According to Shred-it’s Data Protection Report, only 64% of healthcare organizations surveyed have information security policies in place, and only 1 in 3 perform regular vulnerability assessments. However, additional findings from the 2021 Data Protection Report may suggest that healthcare organizations are better prepared to handle a data breach if one occurs because three in five healthcare organizations surveyed have an incident response plan in place to address a data breach. Only 35% of healthcare organizations surveyed in the 2021 Data Protection Report stated that it took a few weeks to resolve their most recent data breach, the lowest of any industry.

The healthcare industry has the great responsibility of providing patient care while also protecting their most sensitive information. Yet, with the right data protection policies in place, they can take steps to be compliant. To learn more about how to help protect healthcare data, download our Data Protection Report infographic and visit our healthcare page.