Teaching hospitals are prime targets for data breaches

More than a third of the 1,798 breaches discovered in 2016 affected either large hospitals or academic medical centers, a JAMA report found.
By Jessica Davis
11:51 AM

Larger hospitals and those with major teaching status are the most at-risk for a data breach, according to a Monday report by the Journal of the American Medical Association. The report highlights why institutions with greater access to data are being targeted by hackers.

There were 216 hospitals included in the 1,798 breaches that occurred between Oct. 21, 2009 and Dec. 31, 2016 -- and more than a third were teaching hospitals. Additionally, 33 hospitals, or 15 percent, reported more than one breach. Of the 141 affected acute care hospitals, 52 were major academic medical centers.

Also, about 20,000 patients were affected in 24 of the 216 breached hospitals, and six hospitals had over 60,000 breached patient records.


Illinois-based Advocate Health and Hospitals accounted for more than 4 million breached records in two separate breaches. New York providers Montefiore Medical Center and the University of Rochester Medical Center and Affiliates were breached four times each. And another four U.S. facilities had three breaches each.

Healthcare was pummeled by cyberattacks in 2016, with more than 12 million healthcare records compromised, according to the 2017 IBM X-Force Threat Intelligence Index. It’s important to note healthcare wasn’t in the top five of most-breached industries. However, despite the proliferation of ransomware last year, many of those attacks weren’t reported as breaches.

“A fundamental trade-off exists between data security and data access,” researchers wrote. “Broad access to health information, essential for hospitals’ quality improvement efforts and research and education needs, inevitably increases risks for data breaches and makes ‘zero breach’ an extremely challenging objective.”

“Data breaches negatively impact patients and cause damage to the victim hospital. To understand the risk of data breaches is the first step to manage it,” said Ge Bai, an assistant professor at Johns Hopkins Carey Business School, who led the research team that analyzed data from the Department of Health and Human Services. “It is very challenging for hospitals to eliminate data breaches, since data access and sharing are crucial to improve the quality of care and advance research and education.”

Twitter: @JessiefDavis