An annual study by the internet security firm White Hat Security found that the average website had 230 "serious vulnerabilities"—those that could lead to breach or data loss—in 2010. The good news is that healthcare websites were among the most secure, with an average of 35 serious vulnerabilities in 2010, edging out even banking and financial services sites.
The bad news? It doesn't matter how many or how few times a healthcare organization's data is breached or even if it is only potentially breached. In the healthcare industry, it takes just one event—a lost laptop, a misfired e-mail, or a website that leaks sensitive, user-specific data—to make headlines.
Healthcare leaders are rightly concerned about it. In the 2011 HealthLeaders Media annual industry survey, we asked technology leaders to rank their top three concerns about electronic medical records and/or patient portals: privacy and security was the number one ranked choice.
(On a side note, tech leaders were less concerned about data security in health information exchanges—only six percent said it was the biggest roadblock to HIEs. Respondents could only choose a single answer to this question, however; funding, interoperability, and lack of standards were cited as more pressing and immediate concerns.)