Institute: ONC | Component: 2 | Unit: 9 | Lecture: a | Slide: 11
Institute: Office of National Coordinator (ONC) Workforce Training Curriculum
Component: The Culture of Health Care
Unit: Privacy, Confidentiality, and Security
Lecture: Definitions of privacy, confidentiality, and security
Slide content: Breaches Adversely Impact Organizations
Costs (Ponemon Institute, 2015)
- Estimated cost to the industry: $6 billion
- Average cost per breach: $2.1 million
- Significant part of cost: lost business
- Criminal attacks up 125% in healthcare organizations, now number 1 cause of breaches
Attack sources (HIMSS, 2015)
- Foreign sources, hacktivist, nation-state actor, malicious insider, hacker, social engineering, online scam artist
Security budgets (HIMSS, 2015)
- Health care providers average > than 6% of the IT budget for security
- Federal government spends 16% of its IT budget on security, while financial and banking institutions spend 12% to 15%
Information security is a business priority
Slide notes: The Ponemon [pone-eh-mon] Institute publishes an annual report on the impact of security breaches on health care organizations. The 2015 report estimated that data breaches may [quote] be costing the industry six billion dollars. More than 90 percent of health care organizations represented in this study had a data breach, and 40 percent had more than five data breaches over the past two years. [end quote] (Ponemon Institute, 2015). According to the study, the average cost of a data breach for health care organizations is estimated to be more than $2.1 million. A significant part of the cost was lost business by the organization.

For the first time, criminal attacks were the number one cause of data breaches in health care in 2015, according to the study. Criminal attacks on health care organizations are up one hundred twenty-five percent compared to five years ago. In fact, forty-five percent of health care organizations say the root cause of the data breach was a criminal attack, and twelve percent say it was due to a malicious insider. Half of all organizations indicated that they have little or no confidence in their ability to detect all patient data loss or theft.

The HIMSS 2015 Security Survey identified the sources for breaches as the following: foreign sources, hacktivist, nation-state actor, malicious insider, hacker, social engineering, and online scam artist. Interestingly, this threat has not impacted the security budgets for health care providers. The HIMSS report identified that health care providers spend on average less than six percent of their IT budget for security expenditures even though security is a top business priority. In contrast, the federal government spends sixteen percent of its IT budget on security, while financial and banking institutions spend twelve to fifteen percent. Defenses are not keeping pace with the volume of attacks and the new trends and methods of threats and breaches.