Health care data breaches expected to continue to rise
■ The sector is going through a transformation with a more intense focus on sharing medical information.
By Pamela Lewis Dolan — Posted Sept. 7, 2010
- WITH THIS STORY:
- » Related content
Verizon Business recently released its annual analysis of electronic record breaches and found that although the total number of breaches has gone down from a year ago, health care breaches have gone up. And the rise is expected to continue.
Verizon conducts an annual analysis of electronic data breach cases, across all industry sectors, that is fueled by customer complaints.
The report found that of the 900 breaches analyzed -- including cases investigated in 2009 by the U.S. Secret Service, which collaborated on the report with Verizon for the first time -- 3% were from the health care sector. There were so few health data breaches the previous year that they were included in the "other" category.
The top three sectors hit were financial, hospitality and retail. The analyzed records were limited to the caseload of the Secret Service and Verizon, so the report does not represent an industrywide analysis of each sector.
Chris Novak, managing principal of investigative response for Verizon Business, said he expects the number of health data breaches to continue to increase. Health care is going through a transformation with an increased focus on sharing medical data among facilities, he said.
"Any time you have an industry that experiences significant, dramatic or quick changes, it creates some chaos and confusion, and ... areas of chaos or confusion are kind of the breeding ground for typical fraud and abuse," Novak said.
He said health care information is among the most valuable data the survey analyzes.
The report suggests that organizations not ignore basic security fundamentals in favor of more interesting technology meant to protect them from breaches. This includes looking for and responding to all "minor" policy violations. Novak said organizations often fail to enforce internal policies because they are considered common sense and not worth talking about.
Health care organizations need to perform regular audits of systems to see who accessed what records and why, the report said. The survey found an overall increase in the number of breaches that originate internally.