A whopping 40% of healthcare organizations in a recent survey have experienced more than five data breaches in the past two years, with 90% of the organizations having had at least one breach during that period, according to a report by the Ponemon Institute.
Criminal attacks, which have more than doubled in the past five years (up 125%), are now the most common cause of healthcare data breaches, according to the Traverse City, Mich.-based research company, whose portfolio of subjects includes healthcare data privacy and security issues.
Forty-five percent of the 90 healthcare organizations in this year's survey and 39% of the business associates reported that the root cause of their data breaches was a criminal attack. Malicious insiders were blamed for 12% of the breaches reported by healthcare organizations and 10% of those reported by business associates participating in the survey, the Ponemon report said.
The average cost per breach is estimated at more than $2.1 million for healthcare organizations and $1 million for business associates, which help with healthcare data-handling chores.
Of the 1,219 major healthcare data breaches reported to the "wall of shame website" kept since September 2009 by the Office for Civil Rights at HHS, 10% were attributed to hacking or other IT incidents. Each of these breaches exposed the records of 500 or more individuals and, in aggregate, the records of 133.3 million individuals.
Three of the four largest breaches since the ONC began record-keeping occurred within the past year and involved hackers. The three led to the exposure of records of more than 94 million individuals, including 78.8 million in the largest breach on the list, which involved health insurer Anthem, was disclosed in February and was attributed to hackers from China.
The Ponemon research was sponsored by ID Experts, a data security firm based in Portland, Ore.