A discussion of the findings in the recently released study concerning healthcare breaches in 2014.

A 5 star review is all we ask from our listeners.
Free HIPAA Training
Subscribe to the weekly email update from HMWH

I have read and agreed to your Privacy Policy.


A managed service provider (MSP) is a third-party contractor that is under contract (usually a monthly fee) to provide on-going technology support to other organizations.


Fourth Annual Benchmark Study on Patient Privacy and Data Security

Criminal Attacks: The New Leading Cause of Data Breach in Healthcare


Kardon Compliance


Represented in this study are 90 CE and 88 BAs.

This year is the first time BAs were added to the study data.  Previous fours years only CEs were included.

A security incident is defined as a violation of an organization’s security or privacy policies involving protected information such as social security numbers or confidential medical information.

A data breach is an incident that meets specific legal definitions per applicable breach law(s). Data breaches require notification to the victims and may result in regulatory investigation, corrective actions, and fines.

Points to note:

  • There has been a 125% increase in breaches due to criminal attacks on healthcare data over last 5 years.
  • Only 40% of healthcare organizations and 35% of BAs are concerned about cyber attackers even though it is now the number one reason for breaches and increasing rapidly.
  • Security incidents that aren’t breaches are also primarily criminal attacks: 78 percent of healthcare organizations and 82 percent for BAs security incidents.
    • 87% of BAs had multiple security incidents in the past 2 years involving the exposure, theft or misuse of electronic information.
      • 70% say they have had between 11 and 30 electronic information-based security incidents.
    • Most involved the exposure of less than 100 PHI records.
  • Medical identity theft has nearly doubled in five years, from 1.4 million adult victims to over 2.3 million in 2014.
  • Employee negligence remains a top concern when it comes to exposing patient data inappropriately.
  • Many victims of medical identity theft report they spent an average of $13,500 to:
    • Restore their credit,
    • Reimburse their healthcare provider for fraudulent claims and
    • Correct inaccuracies in their health records.
  • According to the findings of this research, the average cost of a data breach for healthcare organizations is estimated to be more than $2.1 million.
  • No healthcare organization, regardless of size, is immune from data breach.
  • The average cost of a data breach to BAs represented in this research is more than $1 million.
  • Even though organizations are slowly increasing their budgets and resources to protect healthcare data, they continue to believe not enough investment is being made to meet the changing threat landscape.

Interesting question details:

Poneman Breach Study Question