The average global cost of a data breach is $154 per lost or stolen record. The average cost per industry, however, is as high as $398 in healthcare, $300 in education, $220 in pharma, and $215 in financial services, according to the Ponemon Institute. With cyber criminals selling information on the black market at a rate of $50 for each partial electronic health record, according to the FBI Cyber Division, it’s no wonder that the Ponemon Institute reports that criminal attacks are the number-one root cause of healthcare data breaches, which grew 125 percent over the last five years.
The 2015 Protected Health Information Data Breach Report, published by Verizon’s Data Breach Investigations Report (DBIR) team, takes a deeper dive into confirmed Protected Health Information (PHI) breaches, which involved more than 392 million records and 1,931 incidents in 25 countries. While the report takes a look at how these breaches happen, the timeframe for the discovery of breaches and how they impact the physician-patient relationship, it also offers ways to mitigate the risks.
It’s critical for organizations to know what attackers are after. Personally identifiable information (PII) is a popular target because it allows attackers to commit financial and medical fraud. And while cybercrime has risen exponentially, attackers don’t just target electronic files. Because of the value of the data they contain, paper records and X-rays are also targets.
The 2015 Protected Health Information Data Breach Report presents various graphs to help organizations understand the risks, such as the type of action (physical, error, misuse, hacking, malware and social); whether the attacker is external, internal or has a partner; and the gap between when the PII is compromised and when it is finally detected. When organizations understand the what, why, where, when and how of breaches, they are better able to develop a clear strategy and stay informed and involved in order to proactively mitigate risks.