Health IT Pulse

Mar 16 2011   1:00AM GMT

Cost of a data breach rises over last 12 months

Don Fluckinger Profile: Don Fluckinger

Tags:
Data breach
HIPAA
patient data security
PHI

Setting aside the somewhat nebulous costs of Health Insurance Portability and Accountability Act (HIPAA) enforcement and the negative publicity involved with data breaches, we can still say definitively that the cost of a health care data breach is rising. How much? It costs $20,663 to resolve a case of medical identity theft, according to a recent survey commissioned by Experian and conducted by security research experts at the Ponemon Institute. That’s up $503 from last year’s survey results.

Oddly, hospitals understand the importance of securing patient data, but that doesn’t necessarily equate to their taking action to do it. Why is that? It could be that patients don’t yet understand the potential for bad repercussions when their information gets stolen.

“Our study shows that the risk and the high cost of medical identity theft are not resonating with the public, revealing a serious need for greater education and awareness,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, in a press release announcing the report. “We also feel these results put an even greater onus on health care organizations to make the security of sensitive personal health information a priority in order to protect patient privacy.”

Other key findings of the survey:

  • Patients aren’t getting it: Half (49%) of past victims of medical identity theft took no new steps to protect themselves afterwards.
  • Fewer victims are reporting identity theft: 50% did not report the incident to law enforcement or other legal authorities. That’s up from 46% in 2010.
  • This next stat could explain the above two stats: 36% of all victims of medical identity theft said a family member was the thief. This was the most common scenario by an overwhelming margin.
  • Moreover, 51% of respondents indicated the No. 1 reason why they didn’t report the incident after discovery is that they knew the thief and did not want to report him or her.
  • Respondents aren’t watching CNN or Fox News closely: More than half (55%) are not familiar with or have no knowledge about the new health care reform policies — and how, potentially, a new national health care database could pose security risks to their data.

Finally, this last one’s on the health care providers: While 14% of medical identity thefts happened after a data breach, only 5% of victims learned about it via a breach notification from the provider. That appears to confirm a theory security experts express to SearchHealthIT.com editors in interviews on a fairly regular basis: Hospitals don’t have monitoring mechanisms in place to detect when a data breach occurs, and breaches are occurring unnoticed.

12  Comments on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • Don Fluckinger
    Here's a stat to justify health IT #HIT #security/#HIPAA investment to the CEO-tt costs $20,700 to fix one pt ID theft. http://bit.ly/fyIU0U
    0 pointsBadges:
    report
  • Jenny Laurello
    Survery says? Cost of a #healthIT data breach is on the rise! "To resolve a case of medical iden.." http://bit.ly/fyIU0U #HIPAA #EHR #EMR
    0 pointsBadges:
    report
  • Jenny Laurello
    Survey says? Cost of a #healthIT data breach is on the rise! "To resolve a case of medical identity.." http://bit.ly/fyIU0U #HIPAA #EHR #EMR
    0 pointsBadges:
    report
  • Jenny Laurello
    Cost of a #healthcareIT data breach on the rise. "How much? Up from last year, it costs $20,663 to... "http://bit.ly/fyIU0U #HealthIT #HIPAA
    0 pointsBadges:
    report
  • George Jenkins
    The cost of a health care data breach rises. http://tinyurl.com/4jq5vad [Health IT Exchange]
    0 pointsBadges:
    report
  • Rick Ramos
    Survey says? Cost of a #healthIT data breach is on the rise! "To resolve a case of medical identity.." http://bit.ly/fyIU0U #HIPAA #EHR #EMR
    0 pointsBadges:
    report
  • BP, Google keep corporate privacy policies in the limelight - CIO Symmetry
    [...] latest “U.S. Cost of a Data Breach” report, released in March, found that costs for data breaches reached $214 per compromised record and averaged $7.2 million per data breach [...]
    0 pointsBadges:
    report
  • BP, Google keep corporate privacy policies in the limelight - IT Compliance Advisor
    [...] latest “U.S. Cost of a Data Breach” report, released in March, found that costs for data breaches reached $214 per compromised record and averaged $7.2 million per data breach [...]
    0 pointsBadges:
    report
  • Ken Scott
    Cost of a data breach rises over last 12 months http://tinyurl.com/4jq5vad
    0 pointsBadges:
    report
  • Casey Cleland
    RT @PresiNETHealth: Cost of a data breach rises over last 12 months http://tinyurl.com/4jq5vad
    0 pointsBadges:
    report
  • Jared T. Friends
    JF_#HIPAA#EHR#Security:$20,663, that's the amount it costs to resolve medical identity theft! http://bit.ly/hMaRkR Let's reduce this by 20k.
    0 pointsBadges:
    report
  • BTS, Inc.
    JF_#HIPAA#EHR#Security:$20,663, that's the amount it costs to resolve medical identity theft! http://bit.ly/hMaRkR Let's reduce this by 20k.
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: