One-Third of All Data Security Breaches Occur in Healthcare Industry
Insider Negligence, Malfeasance Responsible for Half of all Breaches in Healthcare

2011 is on pace to be the second biggest year for data security breaches in the seven years the Privacy Rights Clearinghouse has been monitoring breaches. A staggering 453 breaches have been reported to the Clearinghouse through October 25, 2011, exposing more than 30 million individual records, from health and personnel records to legal and financial records. Many included Social Security numbers — the Holy Grail of identity theft.

Privacy Rights Clearinghouse reports reflect activity in strategic sectors in the United States, including healthcare, financial, education and other industries. But it is the healthcare industry that leads the stat pack, with 159 breaches year-to-date, or 35 percent of the total across all industries. Education and financial verticals follow distantly at 50 and 43 breaches respectively.
According to Privacy Rights Clearinghouse reports, malicious outsider intrusion, or hacking, was responsible for 109 breaches this year affecting 13.4 million records across all industries. In contrast, the actions of insiders, through negligence, oversight or willful misconduct, accounted for 307 breaches — nearly three times as many breaches as external attacks. Of all insider misconduct in all industries, 50 percent occurred in healthcare.

A report by the Identity Theft Resource Center, based on data breach statistics compiled by the U.S. Department of Health and Human Services, contains similar findings, noting that 113 of the 385 organizations that suffered a significant data breach in the first half of 2010 were healthcare providers — almost 30 percent (as compared to the 35 percent found by the Privacy Rights Clearinghouse). To qualify as a significant breach, the compromised data must have included Social Security numbers, driver's license numbers and financial account information.

According to the ITRC report, this trend reflects both the vast amount of personal data housed at hospitals and medical centers and the comparatively lax security employed by these organizations. Certainly, the healthcare industry is rife with employees who enjoy ready access to personal health information (PHI) as well as personal financial information, and seems plagued by unethical employees motivated to steal that information for personal gain and profit.