From Hopkins: “Study: Risk of data breaches at hospitals is greater at larger facilities, teaching hospitals “

Johns Hopkins
Johns Hopkins University

No image caption. No image credit

Apr 5, 2017
By Patrick Ercolano

The risk of data breaches at U.S. hospitals is greater at larger facilities and hospitals that have a major teaching mission, according to a study led by a researcher at the Johns Hopkins Carey Business School.

More than 30 hospitals that were part of the study each have experienced data breaches at least twice since 2009. At one of those facilities, the data of more than 4 million individuals was compromised. Results of the study are published online by JAMA Internal Medicine.

“Data breaches negatively impact patients and cause damage to the victim hospital,” says lead author Ge Bai, an assistant professor at the Carey Business School and expert in accounting and governance issues in the health care industry. “To understand the risk of data breaches is the first step to manage it.”

The study defines a data breach as “an impermissible use or disclosure that compromises the security or privacy of the protected health information and is commonly caused by a malicious or criminal attack, system glitch, or human error.” It could be a breach of electronic or paper records.

Bai and two co-authors examined the federal Department of Health and Human Services’ statistics on data breaches reported by various health care providers from late 2009 through 2016. They found that 216 hospitals reported a total of 257 breaches during that period, and that 33 of those hospitals—15 percent—were breached at least twice.

Montefiore Medical Center and the University of Rochester Medical Center and Affiliates, both in New York, were breached four times each, while four other facilities around the United States each experienced three data breaches.

These breaches compromised the health information of millions of people. At 24 of the breached hospitals, the violations exposed the information of at least 20,000 individuals. At six hospitals, more than 60,000 individuals were affected. In Illinois, Advocate Health and Hospitals Corporation reported a total of 4,031,767 patients who were affected by two breaches.

The researchers also looked at hospitals that reported no data breaches. Comparing these findings with the information from the compromised hospitals, Bai and her colleagues noted that the breached facilities were larger, with a median number of 262 beds, compared to 134 for the non-breached. More than a third of those breached hospitals also were major teaching facilities.

“It is very challenging for hospitals to eliminate data breaches, since data access and sharing are crucial to improve the quality of care and advance research and education,” Bai says. “More research is needed to identify effective and evidence-based data security practices to guide hospitals’ risk management efforts.”

See the full article here .

Please help promote STEM in your local schools.

Stem Education Coalition

Johns Hopkins Campus

The Johns Hopkins University opened in 1876, with the inauguration of its first president, Daniel Coit Gilman. “What are we aiming at?” Gilman asked in his installation address. “The encouragement of research … and the advancement of individual scholars, who by their excellence will advance the sciences they pursue, and the society where they dwell.”

The mission laid out by Gilman remains the university’s mission today, summed up in a simple but powerful restatement of Gilman’s own words: “Knowledge for the world.”

What Gilman created was a research university, dedicated to advancing both students’ knowledge and the state of human knowledge through research and scholarship. Gilman believed that teaching and research are interdependent, that success in one depends on success in the other. A modern university, he believed, must do both well. The realization of Gilman’s philosophy at Johns Hopkins, and at other institutions that later attracted Johns Hopkins-trained scholars, revolutionized higher education in America, leading to the research university system as it exists today.