A recent study by the Ponemon Institute, the Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data, concluded that the majority of data breaches are not accidental, but intentional. These cyberattacks against health care providers cost the U.S. health care system $6 billion a year. According to the report, the average cost of a data breach for healthcare organizations is more than $2.1 million, and the average cost of a data breach for business associates is more than $1 million.
Bloomberg News, quoting Trend Micro Inc.’s chief cybersecurity officer Tom Kellermann, reports, “The health-care industry is being hunted and hacked by the elite financial criminal syndicates that had been targeting large financial institutions until they realized health-care databases are more valuable.” Bloomberg further states that the information contained in medical records, such as Social Security numbers, insurance IDs, addresses and medical details, can sell for as much as 20 times the price of a stolen credit-card number. About half of the health care organizations surveyed by Ponemon said they didn’t have sufficient technology to prevent or quickly detect a breach, or the personnel with the necessary technical expertise.
Healthcare organizations and business associates alike should consider this information not only to ensure they have the proper processes and security posture in place to protect against these risks, but also to limit potential exposure when entering into contracts with healthcare organizations and/or business associates.
Written by: Jacob Simpson