MeriTalk and EMC today announced the results of a study, Rx: ITaaS + Trust, dedicated to better understanding the costs that healthcare providers incur from security breaches, data loss and unplanned outages.
The study claims, according to estimates from health IT executives as part of the EMC Global IT Trust Curve Survey, that these incidents cost providers more than $1.6 billion a year. Results also indicate that 61 percent of global healthcare organizations surveyed have experienced a security-related incident in the form of a security breach, data loss, or unplanned downtime at least once in the past 12 months. The study broke down the results into those three categories:
- 19 percent of respondents from global healthcare organizations have experienced a security breach in the last 12 months, which ended up costing them $810,189 per incident. Health IT executives said that malware and viruses (58 percent), outsider attacks (42 percent), physical security (38 percent), and user error (35 percent) were the most prominent causes of breaches.
- 28 percent of respondents have experienced data loss in the past 12 months ($807,571 per incident). And 39 percent have experienced five or more data loss incidents in the past 12 months. Other reasons for data loss spanned from hardware failure (51 percent) to loss of power (49 percent) to loss of backup power (27 percent).
- 40 percent have experienced an unplanned outage in the past 12 months ($432,000 per incident). Respondents said they have lost 57 hours to unplanned downtime over the past 12 months.
To help fix these problems, organizations said they plan to focus on encryption of protected health information (PHI) (55 percent), complying with security risk analyses as part of EHR Meaningful Use requirements (54 percent), and breach prevention and detection (44 percent).
According to the study, of the healthcare organizations that are not currently offering a particular IT capability “as a service,” half said they plan to use this form of subscription-based service within the next five years. These steps include:
- HIPAA Security Risk Analysis as part of EMR Meaningful Use requirements (46%)
- Single Sign On and authentication for Web-based applications and portals (44%)
- Audit tools and log management (43%)
- Encryption for protected health information (42%)
- Multi-factor authentication for remote access for clinical staff accessing networks (including ePHI) remotely (35%)
- Security analytics to help with breach prevention (32%)
- Centralized management and authenticated access to health information (31%)
- Data Loss Prevention to monitor the location and flow of sensitive data (29%)
“Healthcare organizations are making significant IT investments to transform IT infrastructure and ensure that patient information is secure, protected, and highly available,” says Scott Filion, General Manager, Global Healthcare, EMC Corporation. “Trust has become a board-level business priority.”