A Health Care Accident Waiting to Happen

Slide Show

Patient Records: A Crisis Waiting to Happen

Not only are breaches continuing to happen on a regular basis, they are costing about $2 million each.

Despite all the concerns about data breaches, privacy and electronic health care, it looks like a major security breach is still just waiting to happen in the health care sector.

A new study of 65 health care organizations from The Ponemon Institute that was commissioned by ID Experts, a provider of data security software, finds that while most organizations have yet to suffer what could be called a major breach, the frequency of breaches suggest that one is probably imminent.

When it comes to securing health records, ID Experts president Rick Kam says most organizations still don't have the budgets and processes in place needed to secure health care records. In fact, the survey finds that the confidence that IT executives have concerning their ability to secure those records is shaky at best.

The study finds that part of that lack of confidence stems from the simple fact that not many people have been specifically allocated to secure these records. The end result is that it's unclear who is actually responsible for securing health care records. Nevertheless, the health care organizations surveyed are on average absorbing $2 million in costs every two years. Worse yet, 70 percent said that securing patient data was not a high priority. As a result, only 16 percent said they have dedicated security technologies in place to protect patient data.

Kam says he also doubts that health care organizations fully appreciate the financial impact of a breach. Beyond the simple cost of informing patients that their records may have been compromised, each successive breach generally results in lost business as more patients go looking for health care providers that can truly secure their information. And while the rise of electronic health care records creates an opportunity to manage data more securely, it also creates a central repository that is easier to target. So unless steps are taken to secure those electronic records, they could wind up actually exacerbating the problem by making it easier for cyber criminals to target health care organizations.

Whether it's going to take a major security breach to get senior managers at health care organizations to focus on this issue is still really anybody's guess. But for the moment, it looks like health care providers are not paying as much attention to security as they should, which leads Kam to conclude that it's only a matter of time before something goes terribly wrong.