News Feature | August 29, 2014

Breaches Cost Healthcare $5.6B Annually

Katie Wike

By Katie Wike, contributing writer

Healthcare Breach Costs

Since 2009, breaches of patient data have affected more than 30 million Americans.

A major data breach is defined as one that affects at least 500 people. HHS reports more than 30 million patients have been affected since 2009 in breaches that meet that definition. Overall, data breaches cost the industry $5.6 billion every year.

iHealth Beat reports the types of breaches include:

  • medical record theft, which has affected 17.4 million individuals
  • data loss, which has affected 7.2 million individuals
  • hacking, which has affected 3.6 million individuals
  • unauthorized access accounts, which has affected 1.9 million individuals

The Washington Post’s blog, Wonkblog, says the healthcare sector accounted for 43 percent of major breaches in 2013. "It is more difficult, perhaps, for that industry to brush something under the rug and want to chance not disclosing it because the ramifications for being found out are pretty significant," said ITRC chief executive Eva Velasquez. "There's just a lot of regulation in place there."

The blog does point out though, a breach doesn’t necessarily mean identity theft as “a reportable breach could occur when someone loses a laptop with patient data, or some patient records are tossed in a dumpster.”

To protect against breaches, hospitals are taking the following steps:

  • hiring new, security-focused staff
  • implementing new security processes
  • installing new security software
  • meeting with their boards more consistently

An Experian report earlier this year cautioned, “The number of data breaches both experienced and reported is expected to continue to rise, with new security threats and regulations pushing for more transparency on the horizon. All signs are pointing to 2014 being a critical year for companies to better prepare to respond to security incidents and data breaches.”

When it comes to healthcare, the report said it “will be the most susceptible to publicly disclosed and widely scrutinized data breaches in 2014."