Survey: 8% of healthcare groups say they’ve been hacked in the last year

data encryption and cybersecurity illustration

In a recently released survey of 200 healthcare chief information officers, health information technology directors and other leaders, 8% said their data had been hacked in the last year, representing a small but notable threat to patient and hospital data security.

Loss or theft of sensitive patient medical records and hospital data makes headlines around the country, creating momentum around boosting security and data encryption, but there’s still a "long way to go," according to the report.

"Technology is changing all the time, [and we’re] getting different kinds of attacks that we need to protect against," according to San Diego-based Sharp Healthcare CIO Bill Spooner. "We have to continue to raise our game just in the same way that hackers are raising theirs."

The most common form of information breach was a fax or mailer that had been misdirected, representing 40% of all data security incidents, but "insider attacks" such as identity theft or "record snooping" affected nearly 1/3 of organizations as well. Only 35% of those surveyed said they hadn’t had any breaches in the last 12 months, but security experts warned that the reported breach numbers are likely low.

"I’m sure there are lots of breaches that go unreported," cybersecurity consultant Tom Walsh told survey organizers. "If you think you are in great shape because no breaches are being reported, you may want to go back and do a little closer look. Perhaps your employees or your workforce members don’t even know that something is a reportable event. Or maybe they don’t know how to report it."

In general healthcare groups have ramped up their security efforts and sought ways to enhance data encryption and personnel training, but too much of that has been the result of an incident rather than proactive security efforts, Spooner added. The "key" to winning executive support for a security boost may be "to have a breach or have your neighbor have a breach," he said.

"Typically, the organization that has the breach finds themselves implementing more rigorous procedures – things that they probably should have had in the first place," Spooner told survey organizers. "But with the number of reported breaches that we’re seeing in the news almost every week, it’s not quite as difficult of an argument as it was 5 or 10 years ago, because we realize that we’re all vulnerable."

Healthcare providers have certainly ramped up their internal security audits, according to the survey. In 2011 more than a quarter of surveyed groups said that had not conducted a risk assessment, compared with only 8% in the most recent survey.

"When you recognize that almost every week there is some kind of a reported breach around the country involving thousands of patient records being potentially compromised, and the fines and other punishment plus the poor public relations that go with that, it’s really increasing the emphasis, rightfully so, on improving our security profiles," Spooner said.

The survey, conducted in the fall of 2012, was organized by the editorial staff of Information Security Media Group, with the assistance of members of the HealthcareInfoSecurity board of advisers.

RSS From Medical Design & Outsourcing

  • GlobTek presents its latest level VI AC/DC adapter and connverter
    T-43086-WWVV-X.X-Q Model is an addition to GlobTek’s Level VI compliant GT-43086 family and represents GlobTek’s 6 Watt wall plug-in series of AC/DC adapters (power supplies and chargers) with International Interchangeable blades. GlobTek’s changeable input blade system with individual field replaceable input plugs, including: North America and Japan NEMA 1-15P, Australian, UK BS 1363, European CEE […]
  • Sanmina’s familiarity with FDA gets skin treatment product to market fast
    The medical market for cosmetic devices is booming. However, quickly launching new products to meet demand is becoming more challenging because device manufactures face increased regulatory scrutiny. To help meet regulatory requirements, aesthetic and other medical-device OEMs are partnering with electronics manufacturing services (EMS) companies that also offer expertise with the FDA filings necessary to […]
  • Fluid connectors and quick disconnects for IVD equipment from CPC
    Colder Products Company (CPC) offers thousands of tubing connectors, quick disconnects and fittings for smart fluid handling in IVD and analytical equipment. Non-spill connectors speed testing throughput by eliminating drips, preventing air inclusion and increasing operator safety. Panel mount connectors can be added to existing equipment or bottle caps to provide secure, leak-free connections. Puncture […]
  • 310 Watt desktop medical power supply meets efficiency level VI requirements
    Power Partners releases a new 310 Watt medical grade desktop power supply from their PEAMD Series of AC and DC adapters. The 310 Watt unit is packed for ideal performance inside a compact case measuring 7.8 x 4 x 2 in. with a weight of only 3 lbs. The PEAMD310 Series is approved to the latest […]
  • Saelig introduces Multiple Instrument System MIS4 universal test system
    Saelig Company has introduced the ABI Electronics’ Multiple Instrument Station MIS4, an all-in-one testing tool that provides all commonly required test instruments in one compact programmable hardware module, mounted in a compact case or installed in a PC-drive bay. Controlled by ABI’s sophisticated SYSTEM 8 Ultimate PC software with a simple yet programmable operator interface, […]
  • AssurX announces document management software update for small to mid-size companies in FDA regulated industries
    AssurX, an enterprise quality management, risk and regulatory compliance solution provider, announces the release of the latest update to their AssurX document management software. The document management solution provides a cost-effective solution for small to medium sized companies faced with streamlined operations and is fully compliant for FDA regulated industries. Ideal solution for small to […]
  • Saelig presents new Amplicon Impact-R 1100F series computer
    Saelig Company announces the Amplicon Impact-R 1100F series, a fanless system powered by the Intel ATOM D2550 processor. Configured with a high performance 2.5 in. MLC Solid State Drive (SSD), the Impact-R 1100F series is a silent controller system. With options for multiple serial communication ports, the Impact-R 1100F can offer up seven DB9 connections […]
  • Gerresheimer to acquire Centor
    Gerresheimer AG, a partner to the global pharmacy and healthcare industry, will further extend its pharmaceutical packaging business with the acquisition of Centor. Gerresheimer has reached an agreement with Nemera Development S.A. to acquire 100% of the share capital of Centor US Holding. “Centor is the highly profitable market leader for plastic vials and closures in […]
  • Methods Machine Tools presents the new Nakamura-Tome NTRX-300
    Methods Machine Tools, a developer of precision machine tools and automation, has introduced the new Nakamura-Tome NTRX-300, a multitasking turning center featuring complete parts machining in one operation, with a built-in load and unload automation system and advanced operator recognition management software. The NTRX-300 features true opposing twin spindles: an 8 in. A2-6 25 HP or […]
  • MSC Apex Diamond Python and Smart Midsurface speeds modeling to validation
    MSC Software announced a new release of MSC Apex, the company’s award-winning next generation Computer Aided Engineering (CAE) platform. The MSC Apex Diamond Python release introduces: · The fourth release of MSC Apex Modeler is a CAE Specific direct modeling and meshing solution that streamlines CAD clean-up, simplification and meshing workflow. New in this release is […]
  • Quality Metrics: FDA’s plan for a key set of measurements to help ensure manufacturers are producing quality medications
    Editor’s Note: This article is written by Ashley Boam and Mary Malarkey from the “FDA Voice” blog. Boam is an FDA’s acting Director of the Office of Policy for Pharmaceutical Quality, the Office of Pharmaceutical Quality and the Center for Drug Evaluation and Research. Malarkey is an FDA’s Director if the Office of Compliance and Biologics Quality […]

Leave a Reply