Data breaches widespread among U.S. hospitals: report

by Brendon Nafziger, DOTmed News Associate Editor | December 06, 2012

Still, most breaches were not the result of an outside hack perpetrated by some shadowy gang of Internet thieves. Rather, the leading cause of a breach was a laptop, smartphone or other device getting lost or stolen, followed by an employee goof-up and an error by a third-party group.

"Most of the data breaches are in fact caused by employee negligence," Ponemon told DOTmed News. "They're not malicious."

He added in a follow-up e-mail that an estimated two-thirds of the breaches recorded in the study were not due to "criminal mischief."

Threat vectors

But Ponemon found lots of room for more threats in the future, as most hospitals now use cloud-based services and 81 percent let employees practice the controversial BYOD, or Bring Your Own Device. This means they let staff use their own mobile device to connect to a network or enterprise system. But almost half don't ensure those devices are protected.

Also, most surveyed organizations do not secure their medical devices. Ponemon said in the report that mammography scanners, heart pumps and insulin pumps often use commercial PCs and wireless connections that could make them prey to hackers, yet 69 percent of respondents did not secure these or other devices. "This finding may reflect the possibility that they believe it is the responsibility of the vendor — not the health care provider — to protect these devices," the report said.

What should providers do? Kam and Ponemon say it mostly comes down to more frequent checks and better planning. Hospitals should have daily checks on their systems, do annual risk assessments that take into account new technologies, like the cloud and mobile devices, make sure business associates (like cyber insurance providers) are included in their response planning, and create a data breach plan the same way they would make a fire escape plan.

"When you discover you had a lost laptop that had protected health information, you can basically scramble the executive team — the crisis team if you will — so they can respond effectively," Kam said.

The survey, the Third Annual Benchmark Study on Patient Privacy and Data Security, is based on responses from 80 organizations, a 16 percent response rate, Ponemon said in the report. Ponemon noted the survey had some limitations and some of the results might not be generalizable to the whole health care system, largely due to the small sample size.