- 94% of organisations had at least one data breach in the last two years. The average number for each participating organisation was four data breach incidents in the past two years.
- The average economic impact of a data breach over the past two years for the responding healthcare organisations was $2.4 million. That's up almost $400,000 since the study was first conducted in 2010.
- The average number of lost or stolen records per breach was 2,769. The types of lost or stolen patient data most often included medical files and billing and insurance records.
- 52% discovered the data breach as a result of an audit or assessment; 47% discovered the data breach through employees.
- More than half (54%) of organisations have little or no confidence in their ability to detect all patient data loss or theft.
- 81% permit employees and medical staff to use their own mobile devices such as smartphones or tablets to connect to their organisation's networks or enterprise systems. However, 54% of respondents say they are not confident that these personally owned mobile devices are secure.
- 91% of hospitals surveyed are using cloud-based services, yet 47% lack confidence in the ability to keep data secure in the cloud.
- Despite recent attacks on medical devices, 69% of respondents say their organisation's IT security and/or data protection activities do not include the security of FDA-approved medical devices.
15 Recent Healthcare Data Breaches
The following is a roundup of healthcare data breaches reported in the last 30 days, beginning with the most recent:
1. Laptops Stolen from New York Podiatrist's Office Contained 6,475 Patients' Information
Poughkeepsie, N.Y.-based Sims and Associates Podiatry notified patients of a data breach that occurred when its office was burglarized and three laptops containing patients' personal and health information were stolen.
2. Tufts Health Plan Reports Data Theft Affecting 8,830 Medicare Subscribers
Watertown, Mass.-based Tufts Health Plan reported the theft of the personal information of 8,830 Medicare subscribers.
3. Laptop Containing Patient Information Stolen From Coordinated Health
Bethlehem, Pa.-based Coordinated Health notified patients of a data breach that occurred when a laptop containing patient information was stolen from an employee's vehicle.
4. Parallon Business Solutions Insider Breach Affects Patients in New Hampshire
Franklin, Tenn.-based Parallon Business Solutions, which provides billing services to many healthcare providers in New Hampshire, notified 40 New Hampshire residents their personal and health information was compromised in an insider data breach.
5. UPMC Reports 27,000 Victims of Data Breach
Pittsburgh-based UPMC reported the number of employees affected by a data breach at its facility has risen from 322 to as many as 27,000.
6. University Urology Notifies 1,144 Patients Their PHI Was Provided to a Competing Provider
Knoxville, Tenn.-based University Urology announced a data breach that occurred when patients' protected information was compiled by an administrative employee and provided to a competing healthcare provider for the purpose of soliciting patient business.
7. Lubbock Cardiology Clinic Announces Data Breach Affecting 1,400 Patients
Lubbock (Texas) Cardiology Clinic announced a data breach involving unauthorized access to 1,400 of its patients' medical records.
8. Midwest Orthopaedics at Rush Announces Data Breach Affecting 1,200 Patients
Chicago-based Midwest Orthopaedics at Rush notified more than 1,200 patients their personal and health information may have been compromised in February when an unknown person accessed a physician's Gmail account.
9. Data Breach at La Palma Intercommunity Hospital
La Palma (Calif.) Intercommunity Hospital notified patients their medical records and personal information were illegally viewed by a former employee of the hospital.
10. Michigan Long Term Care Security Breach Affects 2,595 Patients
The Michigan Department of Community Health announced a data breach that occurred when a laptop and flash drive containing 2,595 patients' personal and health information were stolen from an employee of the Michigan Long Term Care Ombudsman's Office.
11. Kaiser Permanente Notifies Patients of Data Breach Caused by Malware
The Kaiser Permanente Northern California Division of Research in Oakland, Calif., notified patients their personal and health information was compromised when its research server was infiltrated by malware.
12. Billing Service Data Breach Caused by Alleged Identity Thief
Salem (Va.) Hospitalists, a medical group practice, notified patients of a data breach caused when a contractor's former employee who is being investigated for identity theft accessed their personal and health information.
13. Subcontractor Error Exposes 3,100 Alabama Patients' Medical Data
Decatur, Ala.-based PracMan, a billing company utilized by many Alabama physicians, announced a subcontractor caused a data breach that exposed the personal and health information of 3,100 patients.
14. CHI's Franciscan Medical Group Suffers Data Breach Caused by Phishing Scam
Tacoma, Wash.-based Franciscan Medical Group notified patients their personal and health information has been compromised due to a phishing scam.
15. Palomar Health Data Breach Affects 5,000 Patients
Escondido, Calif.-based Palomar Health notified 5,000 patients their personal and health information was compromised when a laptop and two flash drives were stolen from a Palomar Health employee.