Survey: Breaches Cost Some Healthcare Organizations $100K Per Day

Even with due diligence on HIPAA, HITECH requirements, healthcare organizations are still suffering patient-data breaches

Dark Reading Staff, Dark Reading

May 27, 2011

2 Min Read
Dark Reading logo in a gray background | Dark Reading

Most healthcare organizations have made compliance with security and privacy regulations a priority, but that hasn’t slowed the data-breach bleed, a new survey finds.

Some 56 percent of IT administrators in healthcare organizations say they spend anywhere from 25 to 100 percent of their time working on compliance, and 54 percent spend most of it on HIPAA, according to the survey conducted by GlobalSign, a certificate authority. Meanwhile, some 34 percent of organizations suffered a breach of their patients' records in the past two years, and 10 percent say those breaches cost organizations $100,000 per incident each day.

Nearly 40 percent spend one-fourth of their work week "improving security and ensuring data privacy," and 19 percent say they spend 75 to 100 percent of their time on compliance, the report found, based on a survey of 107 IT administrators, managers, and C-level executives. Half of the respondents are with organizations of 5,000 or more employees.

Lila Kee, chief product officer at GlobalSign, says the findings reveal that healthcare is working heavily on compliance for HIPAA, HITECH, and other state and federal regulations, but is still getting hacked. "They are still having breaches even though they are doing a lot with regulations and compliance," Kee says.

"That one-third feels fines are $100,000 per event a day is quite disturbing," she notes. "Whether that's true or perceived, a lot of fines are being imposed."

Kee says the survey indicates that the compliance "check box" approach to security just isn't cutting it. "I don't think that strategy is effective," she says. "And over 79 percent find it hard to find compliance solutions for these regulations."

The challenge is for healthcare organizations to first ensure the security and privacy products they purchase fit auditors' requirements as well as truly protect data and patient data privacy, according to Kee.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Read more about:

2011

About the Author

Dark Reading Staff

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

See more from Dark Reading Staff
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Concept art, computer code and camera lenses in glowing light green arcs on black background
Application Security
Keep Tier-One Applications Out of Virtual EnvironmentsKeep Tier-One Applications Out of Virtual Environments
byMorey Haber
Sep 25, 2024
5 Min Read
CrowdStrike logo on smatphone screen
Cyberattacks & Data Breaches
CrowdStrike Offers Mea Culpa to House CommitteeCrowdStrike Offers Mea Culpa to House Committee
byJai Vijayan, Contributing Writer
Sep 25, 2024
4 Min Read
Black background and white text saying Dark Reading Confidential
Vulnerabilities & Threats
Dark Reading Confidential: Pen-Test Arrests, 5 Years LaterDark Reading Confidential: Pen-Test Arrests, 5 Years Later
byDark Reading Staff
Sep 10, 2024
42 Min Listen
Reports
More Reports
Webinars
More Webinars
White Papers
More Whitepapers
Events
More Events