Data breaches in healthcare increasingly common

By SIPIAR Team on 10/11/2017


Understanding the full cost of health care data breaches is difficult.
If it seems like news headlines lately are clogged with stories related to data breaches in the healthcare industry, it's not because you are seeing double. Hospitals, insurance providers and doctors' offices are scrambling to adopt secure IT asset disposal practices, but it's not clear if they have yet been able to stem the tide of attacks.


"Data breaches may cost healthcare firms more than $400 per record affected."

According to data compiled by Modern Healthcare, security breaches from both deliberate attacks and cases of simple loss or theft of devices have been rising dramatically. In 2016, 377 such incidents were reported, up from 276 the year before and only 44 in 2006. One of the most notable breaches in 2016 was estimated to have leaked the health and personal records of 34,000 people. However, this pales in comparison to several breaches reported in 2015, one of which may have resulted in the exposure of almost 79 million individual health records.

The cost of these incidents is hard to fully understand, given their scope and the nature of cybercrime. A study from the Ponemon Institute estimated that a data breach in the health industry could cost more than $400 for every record affected. But cleanup isn't the only expense related to these events: in 2016, a California hospital paid $17,000 to hackers as ransom to regain access to its IT network after sensitive data was leaked. And there's no way of knowing the full cost of a data breach once you account for the loss of trust among patients, who may choose to seek care elsewhere after hearing about a leak.

HIPAA requires all organizations that handle sensitive health information to have strict safeguards.

Asset disposition helps fix security flaws

The Security Rule and Privacy Rule, both part of the Health Insurance Portability and Accountability Act, require all organizations that handle sensitive health information to have strict safeguards in place. But as health records move increasingly from paper to digital formats, it's been challenging to stay on top of IT security concerns.

For this reason, more healthcare organizations are adopting comprehensive plans for disposing of their IT assets securely, ensuring any data contained within cannot be accessed again. ITAD specialists like those at Sipi Asset Recovery accomplish this through a combination of strict regulatory compliance and transparency with their customers.

A robust ITAD program should cover all of the following to minimize the risk of data breaches:

  • Complete documentation of chain-of-custody as assets move through the process.
  • Customer access to instant, accurate tracking and documentation through a secure online portal.
  • A wide variety of options for data destruction that meet industry standards, including hard drive erasure and shredding.
  • A comprehensive audit process to ensure devices are securely wiped and disposed of.
  • Full compliance with other regulations related to waste management, environmental protection and asset remarketing.

As the cost of healthcare continues to rise, it's imperative that those who handle patient data do so with care and discretion. Sipi has the tools and expertise to make these goals a reality for organizations in any industry.