Nav: Home

Healthcare providers -- not hackers -- leak more of your data

November 19, 2018

Your personal identity may fall at the mercy of sophisticated hackers on many websites, but when it comes to health data breaches, hospitals, doctors offices and even insurance companies are oftentimes the culprits.

New research from Michigan State University and Johns Hopkins University found that more than half of the recent personal health information, or PHI, data breaches were because of internal issues with medical providers - not because of hackers or external parties.

"There's no perfect way to store information, but more than half of the cases we reviewed were not triggered by external factors - but rather by internal negligence," said John (Xuefeng) Jiang, lead author and associate professor of accounting and information systems at MSU's Eli Broad College of Business.

The research, published in JAMA Internal Medicine, follows the joint 2017 study that showed the magnitude of hospital data breaches in the United States. The research revealed nearly 1,800 occurrences of large data breaches in patient information over a seven years, with 33 hospitals experiencing more than one substantial breach.

For this paper, Jiang and co-author Ge Bai, associate professor at the John's Hopkins Carey Business School, dove deeper to identify triggers of the PHI data breaches. They reviewed nearly 1,150 cases between October 2009 and December 2017 that affected more than 164 million patients.

"Every time a hospital has some sort of a data breach, they need to report it to the Department of Health and Human Services and classify what they believe is the cause," Jiang, the Plante Moran Faculty Fellow, said. "These causes fell into six categories: theft, unauthorized access, hacking or an IT incident, loss, improper disposal or 'other.'"

After reviewing detailed reports, assessing notes and reclassifying cases with specific benchmarks, Jiang and Bai found that 53 percent were the result of internal factors in healthcare entities.

"One quarter of all the cases were caused by unauthorized access or disclosure - more than twice the amount that were caused by external hackers," Jiang said. "This could be an employee taking PHI home or forwarding to a personal account or device, accessing data without authorization, or even through email mistakes, like sending to the wrong recipients, copying instead of blind copying or sharing unencrypted content."

While some of the errors seem to be common sense, Jiang said that the big mistakes can lead to even bigger accidents and that seemingly innocuous errors can compromise patients' personal data.

"Hospitals, doctors offices, insurance companies, small physician offices and even pharmacies are making these kinds of errors and putting patients at risk," Jiang said.

Of the external breaches, theft accounted for 33 percent with hacking credited for just 12 percent.

While some data breaches might result in minor consequences, such as obtaining the phone numbers of patients, others can have much more invasive effects. For example, when Anthem, Inc. suffered a data breach in 2015, 37.5 million records were compromised. Many of the victims were not notified immediately, so weren't aware of the situation until they went to file their taxes only to discover that a third-party fraudulently filed them with the data they obtained from Anthem.

While tight software and hardware security can protect from theft and hackers, Jiang and Bai suggest health care providers adopt internal policies and procedures that can tighten processes and prevent internal parties from leaking PHI by following a set of simple protocols. The procedures to mitigate PHI breaches related to storage include transitioning from paper to digital medical records, safe storage, moving to non-mobile policies for patient-protected information and implementing encryption. Procedures related to PHI communication include mandatory verification of mailing recipients, following a "copy vs. blind copy" protocol (bcc vs cc) as well as encryption of content.

"Not putting on the whole armor opened health care entities to enemy's attacks," Bai said. "The good news is that the armor is not hard to put on if simple protocols are followed."

Next, Jiang and Bai plan to look even more closely at the kind of data that is hacked from external sources to learn what exactly digital thieves hope to steal from patient data.
-end-
Michigan State University has been working to advance the common good in uncommon ways for 160 years. One of the top research universities in the world, MSU focuses its vast resources on creating solutions to some of the world's most pressing challenges, while providing life-changing opportunities to a diverse and inclusive academic community through more than 200 programs of study in 17 degree-granting colleges.

For MSU news on the Web, go to MSUToday. Follow MSU News on Twitter at twitter.com/MSUnews.

Michigan State University

Related Health Articles:

Mental health of health care workers in china in hospitals with patients with COVID-19
This survey study of almost 1,300 health care workers in China at 34 hospitals equipped with fever clinics or wards for patients with COVID-19 reports on their mental health outcomes, including symptoms of depression, anxiety, insomnia and distress.
Health records pin broad set of health risks on genetic premutation
Researchers from the University of Wisconsin-Madison and Marshfield Clinic have found that there may be a much broader health risk to carriers of the FMR1 premutation, with potentially dozens of clinical conditions that can be ascribed directly to carrying it.
Attitudes about health affect how older adults engage with negative health news
To get older adults to pay attention to important health information, preface it with the good news about their health.
Geographic and health system correlates of interprofessional oral health practice
In the current issue of Family Medicine and Community Health (Volume 6, Number 2, 2018, pp.
Bloomberg era's emphasis on 'health in all policies' improved New Yorkers' heart health
From 2002 to 2013, New York City implemented a series of policies prioritizing the public's health in areas beyond traditional healthcare policies and illustrated the potential to reduce cardiovascular disease risk.
Youth consider mobile health units a safe place for sexual health services
Mobile health units bring important medical services to communities across the country.
Toddler formulas and milks -- not recommended by health experts -- mislead with health claims
Misleading labeling on formulas and milks marketed as 'toddler drinks' may confuse parents about their healthfulness or necessity, finds a new study by researchers at the NYU College of Global Public Health and the Rudd Center for Food Policy & Obesity at the University of Connecticut.
Women's health has worsened while men's health has improved, trends since 1990 show
Swedish researchers have studied health trends among women and men aged 25-34 from 1990-2014.
Health insurance changes, access to care by patients' mental health status
A research letter published by JAMA Psychiatry examined access to care before the Patient Protection and Affordable Care Act (ACA) and after the ACA for patients grouped by mental health status using a scale to assess mental illness in epidemiologic studies.
Community health workers lead to better health, lower costs for Medicaid patients
As politicians struggle to solve the nation's healthcare problems, a new study finds a way to improve health and lower costs among Medicaid and uninsured patients.
More Health News and Health Current Events

Trending Science News

Current Coronavirus (COVID-19) News

Top Science Podcasts

We have hand picked the top science podcasts of 2020.
Now Playing: TED Radio Hour

Teaching For Better Humans 2.0
More than test scores or good grades–what do kids need for the future? This hour, TED speakers explore how to help children grow into better humans, both during and after this time of crisis. Guests include educators Richard Culatta and Liz Kleinrock, psychologist Thomas Curran, and writer Jacqueline Woodson.
Now Playing: Science for the People

#556 The Power of Friendship
It's 2020 and times are tough. Maybe some of us are learning about social distancing the hard way. Maybe we just are all a little anxious. No matter what, we could probably use a friend. But what is a friend, exactly? And why do we need them so much? This week host Bethany Brookshire speaks with Lydia Denworth, author of the new book "Friendship: The Evolution, Biology, and Extraordinary Power of Life's Fundamental Bond". This episode is hosted by Bethany Brookshire, science writer from Science News.
Now Playing: Radiolab

Space
One of the most consistent questions we get at the show is from parents who want to know which episodes are kid-friendly and which aren't. So today, we're releasing a separate feed, Radiolab for Kids. To kick it off, we're rerunning an all-time favorite episode: Space. In the 60's, space exploration was an American obsession. This hour, we chart the path from romance to increasing cynicism. We begin with Ann Druyan, widow of Carl Sagan, with a story about the Voyager expedition, true love, and a golden record that travels through space. And astrophysicist Neil de Grasse Tyson explains the Coepernican Principle, and just how insignificant we are. Support Radiolab today at Radiolab.org/donate.