• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Project of the Week
  • About Us
    SEARCH
Network Security

Study Reveals Common Traits Among Hospital Data Breaches

The American Journal of Managed Care conducted a study and found teaching hospitals and pediatric hospitals are the most susceptible to data breaches, among other insights.

March 1, 2018 Amy Rock 1 Comment

Microsoft Hospitals

A recently published study by the American Journal of Managed Care reveals common characteristics found in hospitals where data breaches occurred.

The Department of Health and Human Services’ Office for Civil Rights breach data from healthcare providers regarding breaches that affected 500 or more individuals from 2009 to 2016 were linked with hospital characteristics from the Health Information Management Systems Society and the American Hospital Association Health IT Supplement databases, according to the study.

The study revealed hospitals are the most commonly breached type of healthcare provider, accounting for approximately 30 percent of all large healthcare security incidents reported to the Department of Health.

Over the seven-year time period, there were 216 data breaches reported by 185 non-federal acute care hospitals. Thirty hospitals experienced multiple breaches of 500 or more healthcare records. One hospital experienced two breaches, five hospitals experienced three breaches and 24 hospitals experienced two breaches, reports the HIPAA Journal.

In addition to hospitals experiencing the highest percentage of security breaches, those breaches also resulted in the exposure of the highest number of health records.

The study also found the most common locations of breached data were paper and film, occurring in 65 hospitals during the seven-year period.

While there has been a significant increase in malware and ransomwareattacks as of late, network servers were the least common location for breaches between 2009 and 2016. While the least common, those breaches resulted in the highest number of stolen medical records.

The second most common location of breaches was data stored in locations other than paper, film, laptops, email, desktops, WHRs or network servers, accounting for 56 hospital breaches. The third most common was laptop breaches, which were reported by 51 hospitals.

What Types of Hospitals Experienced the Most Data Breaches?

The most susceptible to data breaches were teaching hospitals and pediatric hospitals. Eighteen percent of teaching hospitals experienced at least one data breach while six percent of pediatric hospitals also experienced a breach.

Larger hospitals (more than 400 beds) were found to be more prone to data breaches with 26 percent experiencing a breach. Investor-owned hospitals also experienced fewer breaches than not-for-profit hospitals. The threats to healthcare systems have also shifted from hackers interested in selling data to threatening to shut down systems unless paid a ransom.

The study did not find any significant difference based on the level of IT sophistication, biometric security use, health system membership, hospital region or area characteristics.

The authors noted that hospitals were spending large amounts during the seven-year timeframe upgrading their information technology systems to meet electronic health record requirements, with less spent on data security.

The researchers suggest the amount of money spent on security needs to increase if hospital data breaches are to be prevented. Security measures also need to be improved for paper and films to reduce the opportunity to access data and hospitals should conduct regular audits to determine who is accessing persona health information.

The study also suggests access to PHI should be limited to the minimum necessary amount to allow employees to complete their work duties.

“Routine audits required by cyber-insurance coverage may help healthcare facilities recognize, and repair, their vulnerabilities before a breach occurs,” the authors conclude.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Tagged With: Cyber Attacks, Cyber Security

Related Content:

  • Cybersecurity and information or network protection. Future technology web services for business and internet project CrowdStrike Cyber Armageddon: How Do Firms Now Build…
  • DDoS, NETSCOUT Arbor Insight 7 Layers of DDoS Attacks and How To…
  • cisco webex-rooms-modern-space AVI-SPL Receives Cisco 2023 Reimagine Workspaces Partner of…
  • data breach Nearly 900 Schools Impacted by National Student Clearinghouse…

Free downloadable guide you may like:

  • Download TechDecisions' Blueprint Series report on Security Awareness now!Blueprint Series: Why Your Security Awareness Program is Probably Falling Short

    Learn about the evolution of phishing attacks and best practices for security awareness programs to ensure your organization is properly prepared to defend against them in this report from TechDecisions' Blueprint Series.

Reader Interactions

Trackbacks

  1. How to Empower Mission Critical Communications Through a Smartphone - My TechDecisions says:
    November 1, 2018 at 12:00 pm

    […] When lives are on the line and downtime is detrimental, it pays to have a smartphone that can handle mission critical communications. Not any old smartphone will do, as they are prone to glitches. To ensure that hospitals and businesses run smoothly through failsafe communications, Spectralink offers the Versity enterprise smartphone. Its sleek, modern look of a consumer-style phone belies its enterprise-grade communications capabilities. No matter where employees roam, the Versity smartphone promises superior voice quality, board application integration and exceptional reliability. […]

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Latest Downloads

Practical Design Guide for Office Spaces
Practical Design Guide for Office Spaces

Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-fa...

New Camera Can Transform Your Live Production Workflow
New Camera System Can Transform Your Live Production Workflow

Sony's HXC-FZ90 studio camera system combines flexibility and exceptional image quality with entry-level pricing.

Creating Great User Experience and Ultimate Flexibility with Clickshare

Working and collaborating in any office environment today should be meaningful, as workers today go to office for very specific reasons. When desig...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Contact Us
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSYour Privacy ChoicesTERMS OF USEPRIVACY POLICY

© 2025 Emerald X, LLC. All rights reserved.