Report: Health Data Breaches Increased by 32% in Last Year


The number of reported medical data breaches has increased by 32% since 2010, according to a report by the Ponemon Institute, MedPage Today reports.

ID Experts, a provider of data breach protection services, sponsored the report (Petrochko, MedPage Today, 12/1).

Report Details

For the report, researchers surveyed 300 officials at 72 health care organizations about their experiences with data breaches (Goedert, Health Data Management, 12/1). They found that medical data breaches could be costing the health care industry an average of $6.5 billion annually (Anderson, Healthcare IT News, 12/1).

The report also found that:

  • 96% of respondents reported experiencing at least one data breach in the last 24 months (Conn, Modern Healthcare, 12/1);
  • 49% of respondents said they experienced a data breach related to the loss or theft of computing or data devices; and
  • 41% of respondents said they experienced a data breach caused by employee mistakes.

Organizations' Data Protection Policies

Researchers asked respondents about their organization's data protection policies and found that:

  • 80% of respondents said their organization uses mobile devices that contain patient data, although about 50% said their organization does not protect the data contained on mobile devices;
  • 73% of respondents said their organization lacks sufficient resources to prevent unauthorized patient data access;
  • 61% of respondents said they are not confident that they know where their organization stores patient data;
  • 55% of respondents said they have little or no confidence that their organization is able to detect all patient privacy incidents; and
  • 53% of respondents said a lack of financial resources is hindering their organization's data breach prevention efforts.


Rick Kam, president and cofounder of ID Experts, recommended that health care organizations reduce their risk of data breach incidents by:

  • Creating an inventory of all of their stored personal health data;
  • Developing a plan to respond to data breach incidents; and
  • Reviewing agreements with business associates about data handling policies (Healthcare IT News, 12/1).

Garry Duplantis
As someone who works in the release of information industry, it's a wonder that only 41% of respondents report a breach due to employee error. In our industry, it is not unusual for a mid-sized hospital to receive hundreds of requests per week from attorneys, insurance companies, healthcare providers and many others. With the number of requests received, I'm amazed that the number of breaches isn't much more than reported. Frankly, it probably is, but the only ones that make the headlines are the ones above 500, ones done for malicious purposes or ones done for monetary gain. Does anyone remember the quest to reduce paper use in the workplace a few years ago? Apparently the work never reached the HIM department and the entities who need copies of records.
Terry Amiel
Please give specific examples of how and where $6.5 Billion dollars was lost due to data breaches. I call this a Bullsh*t statement. This is a comment made by a company (Ponemon Institute) that makes their money by selling data protection about how poorly the public is protected from data breaches. Talk about self-serving. They are creating panic and fear of gov't retribution for HIPAA breaches (and there IS a gov't connection) and in so doing making boodles of bucks selling cyber protection. What a scam. The only thing this does is to make dam* sure that those who do not use EMRs or communicate using 'mobile devices' will remain so. As god intended: "stylus on papyrus." Don't get me wrong, I love computers, but there is a whole lot of IT whizzes out there ready to scam you on the taxpayers' dollar. Call me paranoid (you're only paranoid if you're wrong) but that's the way I see it.
