99% of small healthcare organizations in North America suffered a data breach in the past 12 months and more than 70% do not have enough budget to invest in risk management solutions to be able to comply with legal requirements and industry standards. These are the key findings of a new survey by the Ponemon Institute.
The Ponemon Institute surveyed more than 700 IT and administrative professionals in healthcare organizations that employ a maximum 250 people.
“Cybercriminals are hunting for medical records,” said Larry Ponemon, chairman and founder of Ponemon Institute. “The most serious issue is just the complacency small healthcare providers seem to exhibit with respect to securing patient records.”
Of the many security breaches reported by these organizations, about 29% admittedly resulted in medical identity theft. While risk management budgets are low, about half of respondents said a maximum of 10% is allotted to acquiring data security solutions. it’s no wonder the data security budgets are so low when just 31% of organizations consider data security and privacy a priority.
Almost 75% of healthcare companies allow their employees to access business or clinical applications on their laptops, smartphones and other portable devices. Half of the employees state they use them at work but only a quarter have any security solutions installed.
Although budgets for data security and preserving patient privacy are low, while the number of breaches are high, most of the survey respondents actually believe that their organizations are taking the right measures to comply with the HIPAA standards.