One in five healthcare pros have experienced patient data breaches

According to a recent University of Phoenix College of Health Professions online survey of 504 registered nurses and administrative staff, only a quarter of registered nurses have seen changes in the way their companies handle data security and patient privacy over the past year, despite increased data breaches across all industries.

The survey found that 20 percent of registered nurses (RNs) and 19 percent of administrative staff indicated that their facilities have experienced a breach of private patient data.

However, there appears to be a disconnect between breaches and level of confidence, with 48 percent of RNs and 57 percent of administrative staff noting they are “very confident” in their facility’s ability to protect patient data against potential theft. When asked where they have seen the most changes occur in the industry over the last year, including quality of care, safety, digital health records and prevention and population health, only 25 percent of RNs and 40 percent of administrative staff cite data security and privacy.

“Patient safety is not just about physical and emotional well-being and protection, it also includes electronic records. In our increasingly digital world, it is critical for healthcare professionals at every level to prevent data breaches,” said Doris Savron, executive dean for the Colleges of Health Professions at University of Phoenix. “Everyone in the healthcare industry must work together to establish protocols and implement training to secure and protect all patient data to reduce the risk of being compromised.”

The healthcare industry continues to be one of the highest targeted by cybercriminals, due to its heavy reliance on technology and vast amount of available patient data. According to the IBM’s 2017 Cost of Data Breach Study, healthcare is the most costly industry for data breaches, with organizations spending an average of $380 per impacted record, costing the industry approximately $1.9 billion.

As healthcare technology advances and hackers evolve to exploit systems, it is now more important than ever to recognize that organizations need improved, more frequent training for health professionals and more robust company policies.

The U.S. is experiencing a shortage of trained cybersecurity professionals across all industries, but the impact of protecting not only systems but lives, compounded with lower pay, is expanding the job gap in the healthcare industry. Unfortunately, without the proper cybersecurity teams in place the onus falls on healthcare professionals to protect systems, many of whom are often unaware of how to identify threats and avoid breaches.

“Healthcare organizations are extremely susceptible to human error. If one employee accidently invites malicious malware into a system, the impact can be catastrophic. To limit the amount of breaches, cybersecurity governance must improve,” said Dennis Bonilla, executive dean for the College of Information Systems and Technology at University of Phoenix. “Without improved training and robust cybersecurity response plans incorporated into information technology strategies, the healthcare industry will continue to bear the brunt of these attacks.”

Nurses and staff administrators agree, with 23 percent of RNs and 34 percent of administrative staff stating that additional support and training is needed for healthcare privacy and security. Current steps being taken to ensure the protection of patient data include:

• Updated privacy and access policies (according to 67 percent of RNs and 69 percent of administrative staff)
• Role-based access (according to 59 percent of RNs and 60 percent of administrative staff)
• Data surveillance (according to 56 percent of RNs and 55 percent of administrative staff).