Breach Can Cost $2 Million, Study Says

This article appears in the January 2012 issue of HealthLeaders magazine.

A significant data breach can cost your organization $2 million, according to a study by the Ponemon Institute in Traverse City, MI. The research and consulting group found that hospitals are rushing to adopt electronic health records in an effort to cash in on government incentives, but they may not be prepared to adequately address data security and data privacy issues.

Here are some of the key findings of the study, Benchmark Study on Patient Privacy and Data Security:

• Sixty percent of organizations in the study had more than two data breaches in the past two years.
• The average number of lost or stolen records per breach was 1,769. A significant percentage of organizations, 38%, did not notify any patients.
• The top three causes of a data breach were: unintentional employee action, lost or stolen computing devices, and third-party errors.
• Forty-one percent discovered the data breach as a result of a patient complaint.
• Sixty-three percent of organizations say it took them between one to six months to resolve the incident.

This article appears in the January 2012 issue of HealthLeaders magazine.

Greg Freeman is a contributing writer for HealthLeaders Media.