For the first time, criminal attacks are the leading cause of data breaches in healthcare, with such attacks up 125 percent versus five years ago, replacing lost laptops as the top cybersecurity threat to the industry.
That is the finding of a new study by the Ponemon Institute, sponsored by security software and services vendor ID Experts, in which 45 percent of healthcare organizations indicate the root cause of their data breach was a criminal attack and 12 percent say it was due to a malicious insider.
“We are seeing a shift in the causes of data breaches in the healthcare industry, with a significant increase in criminal attacks. While employee negligence and lost/stolen devices continue to be major causes of data breaches, criminal attacks are now the number-one cause,” said Larry Ponemon, chairman and founder of the Ponemon Institute.
Data breaches are costing the healthcare industry $6 billion annually, Ponemon reports, with the average economic impact of data breaches per organization pegged at $2,134,800. In addition, medical identity theft nearly doubled in five years, from 1.4 million adult victims to over 2.3 million in 2014. Yet, the study also found most healthcare organizations are unprepared to address new threats and lack adequate resources to protect patient data.
According to the study, all healthcare organizations—regardless of size—are at risk for data breaches. Ninety-one percent of healthcare organizations had one data breach, 39 percent experienced two to five data breaches and 40 percent had more than five data breaches over the past two years. Nonetheless, nearly two-thirds of respondents do not offer any protection services for patients whose information has been breached.