- of

Multiple breaches29% of respondents say their organizations have had more than five data breaches in the past two years.
2.4The average number of data breach incidents per healthcare facility over the past two years? 2.4
61%61% of data breach incidents involve fewer than 100 records.
Lack of notification38% of respondents say no patients were notified of data breaches.
Cause of Breaches (% respondents)Unintentional employee action (52%)Lost/ stolen computing devices (41%)Third-party problems (34%) Technical system glitches (31%).
47%47% of respondents say employee detection is the primary way data breaches are discovered.
Confidence CrisisRespondents say they have little (35%) or no (23%) confidence that their organization has the ability to detect all patient data loss or theft. Only 11% say they are very confident.
13%Only 13% of respondents say their ability to resolve a data breach incident is immediate or within one week; 37% say it took six months or longer to resolve the incident.
Staff shortfall28% of respondents say they have no staff dedicated to managing data protection activities. Thirty-five percent say they have fewer than two dedicated staff members.
Ad hoc processesThe process for preventing and detecting data breach incidents is “ad hoc,” according to 35 percent of respondents.
Technology and policiesOnly 16% of respondents say their data breach protection process relies on security technologies; 23% say it relies on policies and procedures.
Who’s in charge? (% respondents) Compliance department (34%)IT (12%)IT security team (11%)No single person/department (23%)
Why breaches occur? (% respondents) Inadequate budget for security and privacy (51%)Lack of trained staff and end users (49%).
56 percent56 percent of respondents say they need help to assess their risks and procedures to make sure they are compliant with security standards.
Big losses23% of respondents say data breaches over the past two years cost their organization between $1 million and $10 million.
What's the harm to patients? (% respondents)Personal health facts will be disclosed (61%)Increased risk of financial identity theft (56%)Increased risk of medical identity theft (45%)