A new 28-page report from the Brookings Institute states that while public awareness of and consequences for healthcare data breaches is growing, so is the rate of breaches. The study found that 23% of all data breaches occur in healthcare, and that more than 155 million Americans have been affected by 1,500 breaches over the last 6 years. The per-record cost of a data breach in healthcare is $363, higher than in any other industry, the report found.

The study was authored by Niam Yaraghi, a fellow with Brookings’ Center for Technology Innovation, who interviewed 22 personnel at various healthcare providers, health insurance companies, and related business entities.

The health sector is being targeted by hackers for a number of reasons, Yaraghi writes, including the value of data retained by healthcare organizations such as Social Security numbers and home addresses, which can be sold at premium prices on the black market. Healthcare organizations also store large volumes of data for long periods of time, both factors that increase the risk of a breach. In addition, the increasing interconnectedness of healthcare means that more personnel now have access to patient data than ever before.

Human error is cited as the most common cause of breaches, but several other factors play a role. According to the report, the Health Insurance Portability and Accountability Act’s privacy rule is vaguely worded and outdated, and provides no specific direction about how to protect patient information. Organizations that suffer from a security breach also undergo an audit by the Office for Civil Rights (OCR), a process many say is unduly punitive and discourages health organizations from sharing details about the breach with other hospitals. Many health organizations are also reluctant to circulate their experiences because of the negative publicity associated with breaches.

The full report can be accessed on the Brookings Report website.


Photo credit: © Pictac | Dreamstime.com