Healthcare is more digital than ever before. There has been an explosion in the use of healthcare technology such as wearables, mobile health (mHealth) applications, and remote monitoring devices. Electronic health records (EHRs) are now a mainstay of most, if not all, healthcare organizations in the United States, with data being shared electronically both internally and externally.
As healthcare technology use increases, so do healthcare data breaches. Cyber attacks are the main reason for these breaches. Healthcare is one of the most targeted industries for cyber attacks, with numerous attacks occurring each year, resulting in millions of healthcare data breaches. Healthcare stakeholders are paying millions of dollars in recovery costs and millions more in fines due to data breaches.
Healthcare also suffers from breaches internally with unintentional exposure and unauthorized access of patients’ protected health information (PHI) as well as authorized users misusing their work privileges.
The magnitude of the problem is effectively summed up in an article on healthcare data breach statistics by Leftronic. Here are 3 of the most important statistics to be aware of:
- 2,550 healthcare data breaches have compromised over 189 million healthcare records in the last decade, with 13,236,569 medical records being compromised in 2018 alone (HIPAA Journal).
- The average cost of a healthcare data breach is $6.45 million (IBM 2019) with healthcare stakeholders taking 197 days to identify a data breach and 69 days to contain it (IBM 2018).
- 44.44% of all data breaches in September 2019 were caused by phishing attacks targeting PHI stored in email accounts (HIPAA Journal, September 2019).
As we begin a new year and a new decade, healthcare stakeholders must become more aware of what is happening with health data breaches and proactively put measures in place to guard patients’ PHI. The best way to accomplish this is to utilize available technologies that can monitor and protect against breaches, as well as help with a quick recovery in the event of a healthcare data breach. There are solutions on the market offering enterprise-wide security protection for PHI to mitigate healthcare data breaches, such as HackShield, a solution provided by SureShield. The best solutions will address data liability to mitigate cyber risk through strategies such as:
- assessing the level of liability on endpoints and stratifying risk
- securing local copies of data using transparent encryption
- purging unnecessary data to reduce the amount of information stored at endpoints
- monitoring third-party downloading of PHI on any device
The statistics on healthcare data breaches are frightening. However, healthcare stakeholders can take control of their systems and stay ahead of cyber attacks and other threats to PHI. For a step-by-step guide to continuous compliance and risk management in healthcare, download the Playbook for Corporate Compliance in Healthcare or contact SureShield to speak with our healthcare technology experts.