The second annual benchmark study on patient privacy and data security revealed some alarming new threats to healthcare organizations. Here are a few of the findings that our Cyber & Security experts think you need to know:
According to the study, the frequency of data breaches among participating organizations increased 32% over the last 12 months. 96% of all healthcare providers say that they have had at least one data breach in the last two years. Most of these breaches were due to employee mistakes and/or sloppiness; 49% of respondents cited lost or stolen computing devices and 41% noted unintentional employee action. According to 46% of participants, another disturbing cause of security breaches is third-party error, including business associates.
Widespread use of mobile devices is putting patient data at risk. 81% of healthcare organizations in the study reported that they use mobile devices to collect, store, and/or transmit some form of PHI. However, 49% of participants revealed that their organizations do nothing to protect such devices.
Figures and Averages:
- On average, organizations have had 4 data breach incidents during the past 2 years. Last year's study found the average to be 3 per organization in the same timeframe.
- The average economic impact of data breaches over the past 2 years is $2.2 million. This represents a $200,000 increase over last year's findings.
- The average number of lost or stolen records per breach was 2,575. This represents an increase from the 1,769 average stolen records revealed in last year's study.
- The top three causes of a data breach are: lost or stolen computing devices, third-party error, and unintentional employee action.
- Employees are most often the ones to detect the data breach (51%), followed by 43% who say it was through audit/assessment and 35% who say it was as a result of a patient complaint.
- 55% of respondents admit to having little or no confidence that their organization has the ability to detect all privacy incidents and 57% say they have little or no confidence that their organization could detect all patient data loss or theft.
- The average time to notify data breach victims is approximately 7 weeks. 83% of respondents believe it is critical to notify victims ASAP.
- The percentage of organizations fully implementing or in the process of implementing an electronic health records (EHR) system has increased from 56% (last year) to 66% (this year).
- The share of respondents who perceive that EHR systems create more security decreased from 74% in last year's study to 67% this year. A higher percentage (19% vs. 12%) of respondents in this year's study say EHR has made no difference in the security of patient data.
S.H. Smith & Company's Cyber & Security experts are the brightest and most experienced in the industry. We invite you to contact one of our experts today to better understand the Cyber & Security risks and areas of vulnerability facing your insureds.
*Source: Ponemon Institute LLC "Second Annual Benchmark Study on Patient Privacy & Data Security", December 2011
Cyber security threats are inevitable; coverage gaps do not have to be.
Contact us today to learn more about the S.H. Smith & Company difference and our full spectrum of capabilities.
Massachusetts Office Dave Perkins 781-247-6223 800-735-1023 x 6223
781-247-6225 800-735-1023 x 6225
Connecticut Office Betty Shepherd 860-656-1362 800-356-0168 x 1362
Minnesota Office Jeanine Loomis 651-414-3863 877-279-8500
CONNECTICUT, FLORIDA, MASSACHUSETTS, MINNESOTA, NEW YORK, OHIO, RHODE ISLAND