Which Hospitals Run the Highest Risk of Data Breaches?

With seemingly countless large-scale data breaches making headlines in recent years, it might seem like no health care institution is safe from hackers on the hunt for patient information. But some hospitals are at a higher risk than others to be the targets of breaches. As Fierce Healthcare first reported, a new study from researchers at Johns Hopkins University (shared in a letter to JAMA Internal Medicine) found that large academic medical centers appeared to be likelier targets of hackers than their smaller, non-academic counterparts. Examining data provided by the Department of Health and Human Services (HHS) of a staggering 1,798 breaches that occurred between October of 2009 and December of 2016, the researchers identified more, and larger-scale, incidents at teaching hospitals.

The Hopkins researchers break down the data further by identifying hospitals that were breached more than once over the years examined, as well as those that experienced breaches impacting more than 20,000 patients. Teaching hospitals dominated both of these lists. Given their focus on research and on disseminating information, as well as the large number of patients they typically serve, academic medical centers are uniquely vulnerable to cyber attacks, the research team notes. “Broad access to health information, essential to hospitals’ quality improvement efforts and research and education needs, inevitably increases risks for data breaches,” they explain, pointing also to the expanded use of electronic health records.

One clear concern: The researchers also note that, despite public interest following some of the highest-profile breaches and numerous calls for improved “data hygiene,” hospitals have often failed to truly prioritize data security. What can these high-risk institutions do to protect themselves from breaches? The researchers recommend taking a team effort, urging further study and dissemination of data security strategies that work. “Identification of evidence-based effective data security practices should be made a research priority,” they assert.

Click here for the article from Fierce Healthcare on the Hopkins study.

Click here for the research letter from JAMA Internal Medicine.


Leave a Reply