Lack Of Data Security Could Cost Healthcare Organizations 1.6B

Posted on February 4, 2014 by Frank J. Rosello

If you’re shirking your security systems’ obligations all to save a few pennies, better think again. Chances are, it will end up costing much more down the road — a whopping $1.6 billion more.

Most healthcare organizations nationwide, some 61 percent to be exact, reported a security related incident in the form of security breach, data loss or unplanned downtime at least once this past year, according to a new health IT report by MeriTalk, a public-private organization working to improve government information technology.

These security events cost U.S. hospitals an estimated $1.6 billion each year. Breaking it down by incident, hospitals should expect to hand over on average $810,000 per security breach, which occurs at nearly one in five healthcare organizations nationwide.

The bulk of those security breaches, 58 percent, result from malware and viruses; outsider attacks account for 42 percent; and physical security, which includes equipment loss or theft, accounts for 38 percent.

It’s not just the breaches, however, that are costing healthcare organizations some serious cash. It’s also hardware and software failures that can result in big time data loss and unplanned outages.

Data loss has affected nearly one in three healthcare organizations this past year, costing on average $807,571 per incident. The biggest culprits? Hardware failure at 51 percent; loss of power at 49 percent and loss of backup power at 27 percent.

What’s more is providers know they’re not prepared. Most are even confident they won’t be able to restore 100 percent of the data required by SLAs following an emergency. The majority — 82 percent – say their technology infrastructure is not fully prepared for a disaster recovery incident. Resultantly, some are working to change that.

“Healthcare organizations are making significant IT investments to transform IT infrastructure and ensure that patient information is secure, protected and highly available,” said Scott Filion, general manager, global healthcare at EMC Corporation — the report underwriter — in a Feb. 3 statement. “Healthcare organizations have always focused on information security, but today they must do more to protect data and ensure accessibility to meet ARRA HITECH HIPPA requirements.”

Despite these report findings, only a moderate number of healthcare organizations indicated they are taking the necessary steps to prepare and prevent security events in the future. For instance, only 42 percent said they were moving forward with encryption initiatives, and 44 percent said they were getting single sign-on and authentication for Web-based applications and portals.

Moreover, despite the uptick in HIPAA privacy and security breaches this past year in addition to HHS’ Office for Civil Rights Director Leon Rodriguez promising a comprehensive audit program in 2014, only 32 percent are moving forward with security analytics to help with breach prevention.

Article written by Erin McCann

• Recent News

  • Texas Launches Certification Program To Bolster HIPAA Compliance
  • Internet Explorer Vulnerability: Steps To Take
  • Five Misconceptions About Cloud Computing
  • ONC Chief’s Perspectives On Patient Privacy and Security
  • ONC Chief DeSalvo Charts New Course

• Press Release Archives

• EI Connections Newsletter Archive

  
  

  Sign up for the
  EI Connections Newsletter

  * Email

  
  

• Categories

  • ACA
  • ACO Rule
  • ACOs
  • Cloud Computing
  • CMS
  • CMS eRx Rules
  • CMS Final Rule
  • CMS Proposed Rule
  • e-Health
  • EHR Adoption
  • EHR Data Sharing
  • EHR Implementation
  • EHR Incentives
  • EHR Information Security
  • EHR Meaningful Use
  • Electronic Health Records
  • Electronic Medical Records
  • EMR
  • Environmental Intelligence
  • Health Information Exchange
  • Health IT
  • Health IT Best Practices
  • Health IT Data Security
  • Health It Interoperability
  • Health IT Policy
  • Health IT Services
  • Healthcare
  • Healthcare Information Security
  • Healthcare Leasing
  • HHS
  • HHS Final Rule
  • HHS Initiatives
  • HIE
  • HIPAA 5010
  • HIPAA Complicance
  • HIPAA Omnibus Rule
  • HIPAA Privacy and Security Rule
  • ICD-10
  • Meaningful Use
  • medical practice best practices
  • mHealth
  • ONC
  • Patient Privacy
  • Personal Health Record
  • PHI Data Security
  • Press Releases
  • Radiology Systems
  • Telehealth
  • Telemedicine

• Tag Cloud

  CMS CMS EHR Incentives CMS Policy EHR EHR Adoption EHR Best Practices EHR Cloud Hosting EHR Consulting EHR Hosting EHR Implementation EHR Incentives EHR Study EHR Technology Enhancements EI Connections Newsletter Electronic Health Records Electronic Medical Records EMR Environmental Intelligence Healthcare Health Information Exchange Health IT Health IT Best Practices Health IT Information Security Health IT Policy Health IT Services Health IT Standards Health IT Tips HHS HIE HIE Standards HIPAA Compliance HIPAA Privacy and Security Rules HIT ICD-10 Meaningful Use medical practice best practices OCR ONC Patient Experience PHI PHI Data Breaches PHI Data Security PHI Security Stage 2 Meaningful Use Rule Stage 3 Meaningful Use