Welcome!

@CloudExpo Authors: Pat Romanski, Liz McMillan, Elizabeth White, Xenia von Wedel, Philippe Abdoulaye

News Feed Item

Ninety-Four Percent of Hospitals Surveyed Suffered Data Breaches; Estimated Cost to Healthcare Industry Averages $7 Billion

Errors and Cyber Attacks Are Culprits; Mobile and Cloud Threats Loom; Patients at Risk for Medical Identity Theft

TRAVERSE CITY, Mich. and PORTLAND, Ore., Dec. 6, 2012 /PRNewswire/ -- The Third Annual Benchmark Study on Patient Privacy & Data Security by Ponemon Institute, sponsored by ID Experts®, reports that healthcare organizations face an uphill battle in their efforts to stop data breaches. Ninety-four percent of healthcare organizations surveyed suffered at least one data breach; 45 percent of organizations experienced more than five data breaches during the past two years. Data breaches are an ongoing operational risk that could be costing the U.S. healthcare industry an average of $7 billion annually. A new finding indicates that 69 percent of organizations surveyed do not secure medical devices—such as mammogram imaging and insulin pumps—which hold patients' protected health information (PHI). Overall, the research indicates that patients and their PHI are at increased risk for medical identity theft. Risks to patient privacy are expected to increase, as mobile and cloud technology become pervasive. For a free copy of the Third Annual Benchmark Study on Patient Privacy & Data Security, visit http://www2.idexpertscorp.com/ponemon2012/. For the infographic, visit http://www2.idexpertscorp.com/ponemon2012/Infographic/.

(Photo: http://photos.prnewswire.com/prnh/20121206/SF24406-INFO)

Click to Tweet: 94 Percent of Hospitals Suffered #DataBreach; Cost to Healthcare Averages $7 Billion #HIPAA #Ponemon via @IDExperts http://bit.ly/UssmAO

Key Findings of the Research

  • Data breaches in healthcare are growing.

Ninety-four percent of hospitals in this study suffered data breaches during the past two years. Information breached is largely medical files and billing and insurance records. According to the research, 54 percent of organizations have little or no confidence that they can detect all patient data loss or theft. Based on the experience of the 80 healthcare organizations participating in this research, the resulting cost to the U.S. healthcare industry could be $6.87 billion, up from 2011. The average impact of a data breach is $1.2 million per organization.

  • Patients and their information are at risk for medical identity theft.

The causes of data breach cited were loss of equipment (46 percent), employee errors (42 percent), third-party snafu (42 percent), criminal attack (33 percent), and technology glitches (31 percent). More than half of healthcare organizations (52 percent) had cases of medical identity theft. Of the 52 percent of organizations that experienced medical identity theft, 39 percent say it resulted in inaccuracies in the patient's medical record and 26 percent say it affected the patient's medical treatment.

  • Technology trends threaten current landscape.

Mobile devices in the workplace pose threats to patients' PHI. Eighty-one percent of healthcare organizations permit employees to use their own mobile devices—commonly called Bring Your Own Device (BYOD)—often to access organization data. Yet 54 percent of organizations are not confident that these personally owned mobile devices are secure. Another technology threat gaining steam is cloud computing. Ninety-one percent of hospitals surveyed are using cloud-based services; many use cloud services to store patient records, patient billing information, and financial information. Yet, 47 percent of organizations lack confidence in the data security of the cloud.

  • Organizations are taking steps to detect data breaches, but majority lack budget and resources.

This past year, 36 percent of healthcare organizations have made improvements in their privacy and security programs, in response to the threat of audits conducted by the U.S. Department of Health and Human Services Office for Civil Rights. While 48 percent of organizations are now conducing security risk assessments, only 16 percent are conducting privacy risk assessments. Yet, 73 percent still have insufficient resources to prevent and detect data breaches. And 67 percent of organizations don't have controls to prevent and/or quickly detect medical identity theft.

"Healthcare organizations face many challenges in their efforts to reduce data breaches," said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. "This is due in part to the recent explosion of employee-owned mobile devices in the workplace and the use of cloud computing services. In fact, many organizations admit they are not confident they can make certain these devices are secure and that patient data in the cloud is properly protected. Overall, most organizations surveyed say they have insufficient resources to prevent and detect data breaches."

Data Breaches Are a Part of "Doing Business"
"The trend continues: data breaches are increasing, patient information is at risk, yet healthcare organizations continue to follow the same processes," said Rick Kam, president and co-founder of ID Experts. "Clearly, in order for the trend to shift, organizations need to commit to this problem and make significant changes. Otherwise, as the data indicates, they will be functioning in continual operational disruption."

Recommendations for Healthcare Organizations
Kam offers five recommendations for healthcare organizations:

  1. Operationalize pre-breach and post-breach processes, including incident assessment and incident response processes
  2. Restructure the information security function to report directly to the board to symbolize commitment to data privacy and security
  3. Conduct combined privacy and security compliance assessments annually
  4. Update policies and procedures to include mobile devices and cloud
  5. Ensure the Incident Response Plan (IRP) covers business associates, partners, cyber insurance

Free Webinar to Discuss Research Findings
A free webinar Are Emerging Technologies Putting Your Patient Data at Risk?, featuring the Ponemon Institute and Providence Health & Services, will be held Thursday, December 6, 2012 at 1:00 p.m. ET. To register, visit http://bit.ly/UILqao.

About the Study
The Third Annual Benchmark Study on Patient Privacy & Data Security utilized in-depth, field-based research involving interviews with senior-level personnel at healthcare providers to collect information on the actual data loss and data theft experiences at their organizations. This benchmark research, in contrast to a traditional survey-based approach, enables researchers to collect both the qualitative and quantitative data necessary to understand the current status of patient privacy and data security in the healthcare organizations that participated in the study.

About Ponemon Institute
Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.

About ID Experts
ID Experts delivers complete data breach care. The company's solutions in data breach prevention, analysis and response are endorsed by the American Hospital Association, meet regulatory compliance and achieve the most positive outcomes for its customers. ID Experts is a leading advocate for privacy as a contributor to legislation, a corporate and active member in both the IAPP and HIMSS, a corporate member of HCCA and chairs the ANSI Identity Management Standards Panel PHI Project. For more information, join the LinkedIn All Things HITECH discussion at bit.ly/AllThingsHITECH or All Things Data Breach at http://linkd.in/TsbwgJ; follow ID Experts on Twitter @IDExperts; and visit http://www2.idexpertscorp.com/.

Note to Media:
Please visit the media resource site at http://www2.idexpertscorp.com/ponemon2012/Media-Resources-Ponemon-2012/. To schedule an interview with Rick Kam or Dr. Larry Ponemon, please contact [email protected].

SOURCE ID Experts; Ponemon Institute

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@CloudExpo Stories
You are moving to the Cloud. The question is not if, it’s when. Now that your competitors are in the cloud and lapping you, your “when” better hurry up and get here. But saying and doing are two different things. In his session at @DevOpsSummit at 18th Cloud Expo, Robert Reeves, CTO of Datical, explained how DevOps can be your onramp to the cloud. By adopting simple, platform independent DevOps strategies, you can accelerate your move to the cloud. Spoiler Alert: He also makes sure you don’t...
What does it look like when you have access to cloud infrastructure and platform under the same roof? Let’s talk about the different layers of Technology as a Service: who cares, what runs where, and how does it all fit together. In his session at 18th Cloud Expo, Phil Jackson, Lead Technology Evangelist at SoftLayer, an IBM company, spoke about the picture being painted by IBM Cloud and how the tools being crafted can help fill the gaps in your IT infrastructure.
SYS-CON Events announced today that Bsquare has been named “Silver Sponsor” of SYS-CON's @ThingsExpo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. For more than two decades, Bsquare has helped its customers extract business value from a broad array of physical assets by making them intelligent, connecting them, and using the data they generate to optimize business processes.
Cloud computing is being adopted in one form or another by 94% of enterprises today. Tens of billions of new devices are being connected to The Internet of Things. And Big Data is driving this bus. An exponential increase is expected in the amount of information being processed, managed, analyzed, and acted upon by enterprise IT. This amazing is not part of some distant future - it is happening today. One report shows a 650% increase in enterprise data by 2020. Other estimates are even higher....
Creating replica copies to tolerate a certain number of failures is easy, but very expensive at cloud-scale. Conventional RAID has lower overhead, but it is limited in the number of failures it can tolerate. And the management is like herding cats (overseeing capacity, rebuilds, migrations, and degraded performance). Download Slide Deck: ▸ Here In his general session at 18th Cloud Expo, Scott Cleland, Senior Director of Product Marketing for the HGST Cloud Infrastructure Business Unit, discusse...
A strange thing is happening along the way to the Internet of Things, namely far too many devices to work with and manage. It has become clear that we'll need much higher efficiency user experiences that can allow us to more easily and scalably work with the thousands of devices that will soon be in each of our lives. Enter the conversational interface revolution, combining bots we can literally talk with, gesture to, and even direct with our thoughts, with embedded artificial intelligence, wh...
"SpeedyCloud's specialty lies in providing cloud services - we provide IaaS for Internet and enterprises companies," explained Hao Yu, CEO and co-founder of SpeedyCloud, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 19th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devices - comp...
19th Cloud Expo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterpri...
Connected devices and the industrial internet are growing exponentially every year with Cisco expecting 50 billion devices to be in operation by 2020. In this period of growth, location-based insights are becoming invaluable to many businesses as they adopt new connected technologies. Knowing when and where these devices connect from is critical for a number of scenarios in supply chain management, disaster management, emergency response, M2M, location marketing and more. In his session at @Th...
It is one thing to build single industrial IoT applications, but what will it take to build the Smart Cities and truly society changing applications of the future? The technology won’t be the problem, it will be the number of parties that need to work together and be aligned in their motivation to succeed. In his Day 2 Keynote at @ThingsExpo, Henrik Kenani Dahlgren, Portfolio Marketing Manager at Ericsson, discussed how to plan to cooperate, partner, and form lasting all-star teams to change t...
The cloud market growth today is largely in public clouds. While there is a lot of spend in IT departments in virtualization, these aren’t yet translating into a true “cloud” experience within the enterprise. What is stopping the growth of the “private cloud” market? In his general session at 18th Cloud Expo, Nara Rajagopalan, CEO of Accelerite, explored the challenges in deploying, managing, and getting adoption for a private cloud within an enterprise. What are the key differences between wh...
The initial debate is over: Any enterprise with a serious commitment to IT is migrating to the cloud. But things are not so simple. There is a complex mix of on-premises, colocated, and public-cloud deployments. In this power panel at 18th Cloud Expo, moderated by Conference Chair Roger Strukhoff, Randy De Meno, Chief Technologist - Windows Products and Microsoft Partnerships at Commvault; Dave Landa, Chief Operating Officer at kintone; William Morrish, General Manager Product Sales at Interou...
"A lot of times people will come to us and have a very diverse set of requirements or very customized need and we'll help them to implement it in a fashion that you can't just buy off of the shelf," explained Nick Rose, CTO of Enzu, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
More and more companies are looking to microservices as an architectural pattern for breaking apart applications into more manageable pieces so that agile teams can deliver new features quicker and more effectively. What this pattern has done more than anything to date is spark organizational transformations, setting the foundation for future application development. In practice, however, there are a number of considerations to make that go beyond simply “build, ship, and run,” which changes ho...
The 19th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Digital Transformation, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportuni...
There is little doubt that Big Data solutions will have an increasing role in the Enterprise IT mainstream over time. Big Data at Cloud Expo - to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA - has announced its Call for Papers is open. Cloud computing is being adopted in one form or another by 94% of enterprises today. Tens of billions of new devices are being connected to The Internet of Things. And Big Data is driving this bus. An exponential increase is...
In his general session at 18th Cloud Expo, Lee Atchison, Principal Cloud Architect and Advocate at New Relic, discussed cloud as a ‘better data center’ and how it adds new capacity (faster) and improves application availability (redundancy). The cloud is a ‘Dynamic Tool for Dynamic Apps’ and resource allocation is an integral part of your application architecture, so use only the resources you need and allocate /de-allocate resources on the fly.
The pace of innovation, vendor lock-in, production sustainability, cost-effectiveness, and managing risk… In his session at 18th Cloud Expo, Dan Choquette, Founder of RackN, discussed how CIOs are challenged finding the balance of finding the right tools, technology and operational model that serves the business the best. He also discussed how clouds, open source software and infrastructure solutions have benefits but also drawbacks and how workload and operational portability between vendors ...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life sett...