An article by HIPAA Journal highlights that more than 35 million individuals have had their health records compromised since July of 2019. This figure is higher than the number of health records compromised in the past three years combined. The healthcare industry continues to be a lucrative target for data breaches. A recent article by Healio Primary Care reviews some of the alarming statistics and the impacts these data breaches are having on the healthcare industry.
Over the past year, there have been some prominent and costly data breaches in the healthcare sector. For example, LabCorp experienced a data breach that impacted 7.7 million patients. Quest Diagnostics experienced a similar breach that impacted 11.9 million patients. When these breaches occur, it is, of course, a matter of cybersecurity and cyber awareness, but the main takeaway from these breaches is the greater ramifications for the business and for the employees and/or clients that have been impacted. Those ramifications can be huge and very costly!
The 2019 Ponemon “Cost of a Data Breach” report provides an overview and key statistics about the data breaches occurring each year. Two important takeaways from the breach report that focus on the healthcare sector are:
- In 2019, the average total cost of a healthcare data breach, at $6.45M, is 65% higher than the overall average total cost of a breach.
- The average cost per breached healthcare record, at $429, is more than double the cost of a record breached in the financial sector.
The healthcare industry continues to be a prime target for hackers and cyber attackers to compromise data. There are a few reasons why health systems, in particular, are challenged by cyber-attacks.
- The industry must assess threats on numerous fronts: targeted attacks, human error, rogue employees and more.
- Healthcare organizations use various systems, devices and programs, which are all connected to the same network. With connected systems and large amounts of data and employees, healthcare systems are extremely complex and have many moving parts and many points of entry.
- There is significant regulatory oversight, and failure to adhere can lead to significant fines and penalties. A recent article by MedCity News references some of the security regulations facing the healthcare industry and discusses the benefits that risk assessments can provide.
- Because of the severity of these breaches, some companies or physician practices could be forced to shut down due to the financial and/or reputational harm from the breach. Another RCM&D blog reviews the impact of an attack on a two-physician practice that ultimately led them to shut down the business.
Some of the best ways to protect patient data include planning for a breach, encrypting/backing up your data, following a framework and communicating before and after a breach occurs. Talk to a trusted advisor about conducting a risk assessment and the benefits this assessment can have for your healthcare organization.