The following blog post was written by Karen Joncas, a Healthcare Transformation Coordinator at RMS.

Blog image
According to a recent study published by the Ponemon Institute, criminal attacks are now the number one cause of data breaches in healthcare. In the five years that the Institute has studied the privacy and security of healthcare data, there has been a significant growth (125%) in intentional criminal attacks. Types of criminal activity included spear phishing, Web-borne malware attacks and stolen computing devices. The chart below illustrates the multiple accessible platforms available for criminal access to valuable patient data.

Source: Ponemon Institute

Source: Ponemon Institute

This year’s report also included business associates, recognizing their role and the associated risk of sharing data in the healthcare delivery system. Security processes should include an assessment of protection available to defend against breaches covering any and all platforms, including those where any business associate has access to patient protected health information.

Despite the fact that criminal activity is now the number one cause of data breaches, the study shows that security professionals continue to concentrate on issues of employee negligence at the expense of concern for criminal attacks. Survey respondents indicated that limited resources, expertise, and processes mean that healthcare organizations are not prepared to address this increased data breach risk. The findings also highlighted the astounding number of breaches healthcare organizations and their business associates experienced. Over the past five years:

  • 91% of covered entities have had a breach. Among Business Associates (BAs), 59% have had a breach and 15% had five or more in the same time period.
  • 78% of healthcare organizations and 82% of BAs had a Web-borne malware attack.
  • 65% of healthcare organizations and 87% of BAs had an electronic information security-based incident in the past two years, and half the combined groups had paper-based incidents.

The study highlighted that healthcare organizations and their business associates are at great risk of criminal activity and often lack the resources necessary to securely manage sensitive patient data. To meet this challenge, healthcare organizations need sufficient resources to adopt a comprehensive program for privacy and security assessments, training of staff, and processes that ensure the security of any protected health information including shared information with business associates in the course of their business. To view the study by the Ponemon Institute, click here.

RMS Healthcare can help your organization conduct comprehensive assessments and develop policies, processes and staff training programs to protect you and your patients. If you are interested in learning more, please contact Susan Maxsween, Senior Director of Healthcare Operations and Compliance at or at 1-866-567-5422.