Data Breaches and the Human Element in Healthcare

It may come as no surprise that healthcare is affected by data breaches more than any other sector. But the cause may not be what you think. While ransomware and other cyberattacks are a constant concern and make big news, the real culprit for data breaches is less high-tech and cutting-edge than you might expect: human error.

Nearly half of healthcare data breaches are due to incorrect disclosure, such as faxing or emailing data to incorrect recipients, or failing to use the “BCC” option on emails to keep recipients confidential. Other significant reasons for data breaches include incorrect data on client portals, verbal disclosures of personal data, record loss and improper disposal of paperwork. According to a Verizon report, the “insider threat” in healthcare poses a greater danger than any outside players when it comes to data breaches. “These statistics are alarming,” said Tony Pepper, CEO of data security provider Egress. “All too often, organizations fixate on external threats, while the biggest cause of breaches remains the fallibility of people and an inherent inability of employees to send emails to the right person.”

And the American public seems to understand this challenge on some level. A study from the Harvard T.H. Chan School of Public Health and Politico reports that most Americans don’t trust healthcare institutions to keep their personal data safe, with the highest level of distrust going to insurers. Most patients worry that their information could be sold to companies attempting to make money from medical treatments or other products. But recent data breaches have impacted patient perception as well – 26 percent of patients now share concerns that their personal health information could be vulnerable to unauthorized access.

With more integration of new technologies, such as voice recognition, come more challenges for healthcare in protecting personal data and following HIPAA guidelines. Great care must be taken to ensure that voice assistants and other tools do not give out information inappropriately, both in doctors’ offices and in patients’ homes. “The first thing most people think about when they hear HIPAA is securing servers platforms, but there is more to it. We have to consider things like the unintended audience for a call,” pointed out Freddie Feldman, voice design director at Wolters Kluwer Health, at a recent summit at Harvard Medical School.

Changing public opinion about the security of personal data will take time and work. But a PwC cybersecurity study from Germany may have some answers about how American healthcare organizations can do just that. An overwhelming number of respondents – 87 percent – felt that better education of healthcare staff was a key factor in improving data security in hospitals. Patients, nurses and doctors can all benefit from reminders to log out of a portal and close file information, just as they benefit from the now-routine practice of washing hands whenever they enter and leave an exam room.
