Healthcare Technology Featured Article

December 21, 2011

As Health Data Breaches Rise, Cost to U.S. is over $6 Billion, Study Finds

As if we didn’t already know it, security breaches among healthcare organizations are spreading like wildfire, according to a story by George V. Hulme at

After surveying 72 healthcare organizations, the Ponemon Institute and ID Experts found that, on average, the cost of data breaches to these organizations rose by $183,526 from 2010, to $2,243,700. Extrapolating the study to the entire healthcare industry, Ponemon estimates that data breaches could be costing the U.S. healthcare industry between $4.2 billion and $8.1 billion a year, or an average of $6.5 billion, according to Hulme’s story.

The absolute number of breaches is also up 32 percent year-over-year, Hulme writes, with almost 100 percent of those providers surveyed reporting at least one data breach in the past 24 months.

This information was disclosed in the Second Annual Benchmark Study on Patient Privacy and Data Security conducted by the two organizations.

Even scarier, the majority of these breaches weren't caused by sophisticated hacks. Most of them, the survey found, came from employees’ carelessness – “losing or having their IT devices stolen or other unintentional, but ill-advised, employee action according to 49 and 41 percent of respondents,” Hulme writes. 

In October, a thief broke into Sacramento-based Sutter Health Foundation, affiliated with Sutter Health, and stole a laptop that just happened to contain medical information on more than 4 million.

Inadequate security from partners and providers, including business associates, was another reason for breaches for 46 percent of participants, according to the story.

Some good news, if you can call it that, however: the percentage of respondents who had breaches discovered by their patients dropped from 41 percent to 35 percent.

Why is this happening so much? Hulme quotes Larry Ponemon of the Ponemon Institute as saying there could be many reasons, “such as an increase in the use of IT in the health care industry and more attacks targeting that electronic medical information.” Regulatory demands may also be a factor. Ponemon told Hulme that the increase in these demands is causing healthcare organizations to look more closely for breaches, “and so they're finding more.” Or, perhaps, the reason for the increase is a little bit of all of this, Ponemon told Hulme.

According to Guard.My.Credit, the number of breaches is rising because, as the cost for medical insurance rises (as it did significantly in 2011), “those price increases make the personally identifiable information of those with health insurance much more valuable”.

Deborah DiSesa Hirsch is an award-winning health and technology writer who has worked for newspapers, magazines and IBM in her 20-year career. To read more of her articles, please visit her columnist page.

Edited by Jennifer Russell
