Healthcare News & Insights

Health data breaches increase 97% due to unsecured mobile devices

The number of breaches of patient health data nearly doubled in 2011 compared to the year before. The biggest reasons for the increase in the number of security incidents: 

More sensitive health information is being carried around on unencrypted portable devices, and more data is being put at risk by third-party business partners.

The number of patient health records breached increased by 97% in 2011 compared to 2010, according to a recent report from Redspin, a provider of IT security assessments.

The annual survey has looked at a total of 385 breaches affecting over 19 million individuals since the HITECH Act’s breach notification rule went into effect in August 2009.

Breaches weren’t just more plentiful last year — they also had a greater impact, as the black market value of health information has increased and criminals’ methods have become more sophisticated. An average of nearly 50,000 patient records were stolen per breach in 2011, an 80% increase compared to the year before.

Also, compared to 2010:

  1. The number of 2011 breaches involving a lost or stolen unencrypted portable device increased by a whopping 525%, and
  2. Breaches involving business associates grew by 76%.

The increase in the number of breaches involving portable devices is a side effect of the current trend of employees using their own mobile gadgets to do their work, Redspin says. And healthcare organizations have failed to keep up and adjust policies and procedures accordingly, as half of respondents in a recent health data security survey said nothing is being done in their organization to protect data on mobile devices.

To avoid breaches, healthcare providers must take steps to secure data when it goes mobile. One strategy experts recommend is providing employees who handle sensitive information with IT-controlled, encrypted devices. That way, the organization can be sure data is protected, and important features such as remote wipe can be enabled.

Also, organizations must pay more attention to the security of third parties they work with. Those business associates should be included in regular security risk assessments, and security audits should be required as part of a business contract.

For more information, download Redspin’s study here.
