Health IT Pulse

Sep 30 2014   1:54PM GMT

Number of data breach response teams rises along with threats

Alex Delvecchio

Data breach

The most effective efforts to limit the damage inflicted by a data breach start before an incident occurs. This is something that security pros in many industries, including healthcare, have observed. Their desire to proactively temper the effects of security incidents is reflected in the findings of the second annual survey on data breach preparedness, conducted by Ponemon Institute LLC and sponsored by Experian Data Breach Resolution. The survey report references previous Ponemon research, which indicated that businesses with established incident response plans could reduce the average cost of a data breach by $17 per stolen record.

The percentage of respondents with data breach response plans in place at their organizations rose from 61% in 2013 to 73% this year. That shift coincided with a 10% year-to-year increase in the number of respondents that reported experiencing a data breach. Healthcare was the second most represented industry in the survey, with its 13% second only to the financial services market, which comprised 19% of the total responses.

The results of another Ponemon data breach survey, sponsored by Informatica Corporation, were released earlier this year. Of 142 respondents employed in the healthcare and pharmaceutical fields, more than half reported that losing customer data was their biggest worry. Though a mere 9% said they thought patient data was in danger, twice as many respondents indicated they had experienced between two and five security breaches in the past year.

Healthcare data breaches can prove costly on multiple levels. Failure to comply with HIPAA policies can result in fines, on top of what providers spend to test and patch the holes where their security perimeter failed. The HHS Office of Civil Rights (OCR) investigated a data breach involving New York-Presbyterian Hospital (NYP) and Columbia University that left electronic health data of 6,800 individuals exposed. The two organizations submitted their breach report in 2010 and were ordered to pay $4,800,000 to those affected as a result of the OCR’s investigation.
