$5.6 Billion a Year: The Cost of HIPAA Breaches to the Healthcare Industry

by | Mar 13, 2014

A recent announcement from the Ponemon Institute has shown the serious threat that cyber attacks pose to the healthcare industry, and it should serve as a warning that security must be improved.

The cost to the industry is massive. Data breaches are estimated to cost the healthcare industry $5.6 billion a year, and those funds could be put to much better use improving healthcare facilities and conducting important research.

While the report shows a small reduction in the number of data breaches reported last year, the volume of patient records affected is considerable, and the number of cyber attacks on healthcare providers – and other covered bodies – has grown at a tremendous rate, with the number of hacking-related incidents having grown by 100% since 2010.

While targeted hacks on insurers and healthcare providers are clearly on the rise, many data breaches are caused by ignorance of data security rules and simple carelessness by physicians and hospital employees. It may not be possible to prevent data breaches in all cases – hackers are using more sophisticated methods to gain access to healthcare data – but both the volume of data breaches and the number of people affected can be minimized by adopting basic security measures and tackling sloppy working practices.

Larry Ponemon, founder and chairman of the Ponemon Institute, remarked: “The people in the healthcare industry are good people who sometimes do stupid things, and that is the source of a lot of the problems.” He added: “They’re trying to get their work done, they feel under pressure, they’re in the business of caring for patients, and they don’t want to waste time to do more security or take that extra step to protect privacy.”

The growth in the use of mobile devices in the healthcare industry makes privacy violations much more likely to happen in the future. Android and iOS phones enable information to be sent instantly to work colleagues, and while this can improve the care given to patients, their privacy is being put in danger. Many of the devices being used to send PHI are not secure and do not employ data encryption. Hackers may be less interested in individual personal records sent via unsecured text messages when there are millions of records to be obtained from insurance companies and healthcare providers, but the devices still pose a major risk.

Healthcare data is also now being shared more often since the move to electronic health records. Covered bodies employ business associates to complete essential functions, such as website maintenance, providing cloud storage and developing software, and many of these companies and people are given access to PHI.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelor's degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile: