East Lansing-based Michigan State University and Baltimore-based Johns Hopkins University researchers studied 1,461 protected health information breaches over the past decade to analyze the types of data that were compromised in hospital breaches.
Information included in the study was categorized as demographic, service or financial, or medical. Demographic data included names, email addresses and other personal identifiers. Service or financial data included the service date, billing amount and payment information. Medical data included diagnoses or treatment.
Three notes:
1. Of all 1,461 total breaches examined, researchers found each one contained at least one piece of demographic information.
2. Seventy-one percent of the breaches affecting 159 million patients compromised demographic or financial data that could be used for financial or identity fraud.
3. Two percent of the breaches impacting 2.4 million patients comprised sensitive medical information that could threaten their clinical privacy.
Study authors concluded that policymakers should consider establishing requirements so organizations must disclose what types of data were compromised during a breach.
More articles on cybersecurity:
58% of CISOs say weathering a breach makes them more attractive to potential employers: report
Hacking, IT incidents caused most August data breaches
Wyoming health system halts patient admissions after ransomware attack
