U.S. hospitals have security 'blind spot'

A new study confirms what many health IT administrators already know--that hospitals aren't doing a great job when it comes to investing in security. The study, which was commissioned by risk consulting firm Kroll Fraud Solutions and published by HIMSS, concluded that hospitals' focus on medical privacy and compliance has distracted them from the threat of patient identity theft and other data breaches. While HIT administrators are very familiar with HIPAA, and eager to meet its privacy provisions, their HIPAA compliance measures won't do much to prevent fraud or malicious hacking, the study noted.

In addition, hospitals aren't being reminded as often as they should be that their peers are having security problems that could affect them, too. The HIMSS study noted that many data breaches don't get reported, given that there are no firm rules in place requiring such disclosures.

Even worse, HIT leaders and their peers may be ignorant as to just how expensive a malicious data breach can be--despite the fact that the average cost of such a breach generally is estimated at nearly $200 per record and $6.3 million per incident.

To learn more about the study:
- read this Healthcare IT News piece
- register and download the original report
