New Study Reveals Healthcare Facilities and Expanded Cyber Liability Threats
A new study by the Ponemon Institute, an independent research firm on privacy, data protection and information security policy, reveals new and expanded threats to the security and privacy of patient information in the U.S. healthcare system. The “Fourth Annual Benchmark Study on Patient Privacy & Data Security” released in March cites several factors increasing the cyber risks for healthcare facilities.
First, the Affordable Care Act (ACA) is seen as a contributing factor because of the documented insecure websites, databases and health information exchanges that are highly vulnerable to insider and outsider threats. Moreover, healthcare employees are contributing to breach risks due to the increased use of their personal unsecured devices (smartphones, laptops and tablets). In addition, business associates, those that have access to personal health information (PHI) and work with healthcare organizations, are not yet in compliance with the HIPAA Final Rule, further complicating the risks facilities face. Exacerbating the situation is an environment of increasingly complex federal and state privacy and security regulations such as the HITECH Act.
The Ponemon study also reports that data breaches continue to cost some healthcare organizations millions of dollars every year. “While the cost can range from less than $10,000 to more than $1 million,” Ponemon “calculates that the average cost for the organizations represented in this year’s benchmark study [hospitals and clinics] is approximately $2 million over a two-year period. Based on the experience of the healthcare organizations in this benchmark study, we believe the potential cost to the healthcare industry could be as much as $5.6 billion annually.”
The types of data compromised include billing and insurance records, medical files, payment details, scheduling details, monthly statements, and prescription details.
Other takeaways from the study include the fact that insider negligence continues to be at the source of most data breaches reported and a major challenge for healthcare organizations. “These types of attacks on sensitive data have increased 100 percent since the study was conducted in 2010 from 20 percent of organizations reporting criminal attacks to 40 percent of organizations in this year’s study.”
Employee negligence is also a huge security risk, with 75% of organizations saying this is their biggest worry, followed by use of public cloud services (41%), mobile device insecurity (40%) and cyber attackers (39%). And while this is a major concern, the majority of organizations allow employees and medical staff to use their mobile devices to connect to the organizations’ networks or enterprise systems such as email. “Similar to last year, more than half of organizations are not confident that the personally owned mobile devices or BYOD are secure.”
Healthcare facilities also view the use of cloud services as a significant threat. In fact, only one-third are very confident or confident that information in a public cloud environment is secure. Even with this perceived risk, 40% of organizations say they use the cloud heavily, an increase from 32% last year. “The applications or services most used are backup and storage, file-sharing applications, business applications and document sharing and collaboration.”
Protecting patient data is critical to achieve compliance and secure sensitive information, with more than half of the organizations in the study acknowledging they have the policies and procedures that effectively prevent or quickly detect unauthorized patient data access, loss or theft. But incidents do occur, which is why in addition to having robust security measures in place, a sound cyber liability insurance program is required. Cyber insurance will respond in the event of a loss and pay for first-party and third-party liability costs.
Caitlin Morgan can help you secure the coverages needed for a healthcare facility to protect against the myriad of exposures they face, including cyber risks. Please give us a call at: 877.226.1027.
Source: Ponemon Institute Study