Hackers are notorious for their ingenious acts of gaining illegal access into users’ accounts and stealing data. Yes, they are well known for that. However, research recently surfaced which showed that hospitals, health care providers as well as insurance companies leak out personal health data more than hackers.
Whoa! That’s fresh.
The research, which was carried out in two notable US universities – Michigan State University and John Upkins University, revealed that over half of personal health information (PHI) and data breaches resulted from internal mishandling rather than external parties (like hackers).
In the study, the researchers carried out the research on 1,150 data breach cases in hospitals between October 2009 and December 2017. The incidence was said to have impacted over 164 million patients.
Out of these PHI data breaches, over half (53%) happened because of negligence from internal parties. It was shown that this happened through cases like health workers or employees taking PHI home, sending e-mails to wrong individuals, unauthorised access, etc.
To drive home this point, one of the researchers, John Jiang, an Associate Professor of Accounting and Information Systems at Michigan State University stated:
“There’s no perfect way to store information, but more than half of the cases we reviewed were not triggered by external factors – but rather by internal negligence. Hospitals, doctors’ offices, insurance companies, small physician offices and even pharmacies are making these kinds of errors and putting patients at risk.”
Hackers were held responsible for 33% of these breaches while theft cases took 12% of the spoils. This summed up the quota that external factors play in these kinds of information breach.
Altogether, these 1,150 researched cases were grouped into six categories namely: theft, unauthorized access, hacking or an IT incident, loss, improper disposal or ‘other’.
Ideally, hacker-related data loss is limited by effective beefed-up measures such as hardware and software security. Apropos of that, internal-linked data breaches can be reduced through stronger internal health policies and higher security measures on the employees’ part.