More than half of healthcare vendors have suffered at least one breach of protected health data belonging to patients of the healthcare providers they serve, new research shows. On average, a breach exposes around 10,000 patient records and inflicts $2.75 million in damages.
With 54 percent of healthcare vendors experiencing a data breach, cybercrime is a serious consideration in the medical industry. Indeed, patient records are the most expensive type of personal information traded on the dark web for fraudulent purposes, making hospitals and their service providers, such as Electronic Health Record (EHR) vendors, a hot target for cybercriminals.
54 percent of healthcare vendors also believe a single data breach would cost them business and revenue from the healthcare providers they sell to, according to Ponemon Institute research carried out on behalf of Censinet. Between healthcare providers and their vendors, the ‘bill’ associated with a breach is $2.75 million.
28 percent of vendors say healthcare organizations have chosen another service or solution after discovering gaps in a vendor’s privacy and security practices. Medical practices have taken on this stand-offish attitude after discovering that only 36 percent of vendors would immediately notify providers if they confirmed a data breach involving their PHI.
But it seems healthcare providers (HCPs) are the first to blame for this situation. According to the survey, HCPs do not fully embrace risk assessments to accurately measure and manage third-party risk. 41 percent of healthcare vendor respondents said HCPs do not require any action to be taken if they discover gaps in vendors’ privacy and security practices and policies, and 42 percent said that providers do not require proof that the vendor complies with privacy and data protection regulations.
A simple solution to this problem would be for both parties to acknowledge that cyber-risk is an industry-wide problem, shouldered by healthcare institutions and their service providers alike, according to the report.
"This research highlights many of the shortcomings in the risk assessment process and just how inadequate and ineffective industry certifications and frameworks are today for vendors," stated Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute.
In 2018, for the eighth year in a row, healthcare organizations incurred the highest costs from data breaches, at an average of $408 per lost or stolen record. A report by IBM published in August 2018 found that data breaches in healthcare were nearly three times higher than in other industries.