Healthcare News & Insights

70% of healthcare facilities hit by data breaches – staff most often to blame

As more hospitals and medical practices convert patient data to electronic health records, those organizations must take steps to improve security. The first step:

Give policies and training for internal staff a tune-up.

In the past year, 70% of healthcare facilities have had some kind of breach of confidential patient data in the past year, according to a recent study by security firm Vephyr.

And in a majority of cases, the facilities’ own employees were somehow involved, either by intentionally leaking or viewing information without permission or by negligently leaving records open to theft by outside criminals.

With the increase in the use of electronic health records, facilities are becoming even more prone to security threats created by internal staff. For example, employees may lose discs or portable storage devices containing patient records. Also, when records are housed in a computer system, it can be easy for employees to view records they shouldn’t access, if the proper security controls aren’t in place.

These were the most common types of breaches healthcare facilities faced in the past 12 months, according to Vephyr study:

  1. Staff members snooping on their co-workers’ medical records (35%)
  2. Staff members viewing the records of friends or relatives (27%)
  3. The loss or theft of physical records (25%), and
  4. The loss of theft of equipment containing electronic medical records (20%)

To prevent more of those breaches from occurring, healthcare IT departments must focus on not only using security tools to keep outsiders off the network, but also on training and employee monitoring to keep internal employees from causing breaches.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.