Data breaches cost hospitals $4B annually
Hospital Safety Insider, November 7, 2019
By Jack O’Brien
The total cost of data breaches at healthcare organizations is projected to reach $4 billion by the end of 2019, according to a Black Book survey released Monday morning.
Nearly all information technology (IT) professionals at provider organizations believe that data hackers are outpacing organizational efforts to protect sensitive healthcare data, a trend which is expected to worsen in 2020.
Ninety-three percent of healthcare organizations reported a data breach in the past three years and 57% of respondents said their respective organizations experienced more than five data breaches over the same period of time.
For 2019, respondents estimated that data breaches cost organizations $423 per record.
Additionally, provider organizations continue to be the most targeted organizations for cyberattacks, according to Black Book, accounting for nearly 80% of attacks. Respondents indicated that over half of data breaches were caused by an external party.
There have been several high-profile data breaches at hospitals around the country in recent months, including a breach in mid-June at Massachusetts General Hospital that affected nearly 10,000 people and a “data security incident” at Presbyterian Healthcare Services that affected around 183,000 patients.
Most recently, DCH Health System had to temporarily stop accepting patients due to a malware attack that affected its computer systems.
Despite the rise of cyberattacks on hospitals in recent years, most IT professionals said that budgets have not increased to keep up with the demands to protect patient data.
For hospital IT budgets, cybersecurity accounts for 6% of the annual spend, but provider organizations have only set aside less than 1% of their fiscal year 2020 budgets for cybersecurity.
The Black Book survey also pointed to a lack of focus from hospital leadership on overseeing cybersecurity decision-making, with only 4% of organizations implementing a steering committee to account for cybersecurity investments. Just over one-fifth of hospitals reported having a “dedicated security executive,” while only 6% reported having a leader with the title of ‘Chief information security officer.’
Jack O’Brien is the finance editor at HealthLeaders, a Simplify Compliance brand.