Vanderbilt researchers question results of recent study on hospital data breaches

Three researchers from Nashville, Tenn.-based Vanderbilt University wrote to JAMA Internal Medicine to question the findings of a recent study on hospital data breaches.

In the initial study, published in JAMA Internal Medicine in June, lead author Ge Bai, PhD, an assistant professor at Baltimore-based Johns Hopkins Carey Business School, worked with two co-authors to analyze HHS statistics on data breaches reported from late 2009 to 2016. Dr. Bai and her colleagues determined teaching hospitals and facilities with high bed counts were most at risk for breaches.

However, in a November letter to the editor, the Vanderbilt researchers questioned whether the study methods hold "inherent biases" against larger institutions, which might lead them to overlook smaller, targeted attacks. HHS only requires healthcare facilities to notify the agency within 60 days of detecting a breach of protected health information that affects 500-plus patients.

"Better-staffed organizations, in concert with more advanced technologies, will likely find more issues and produce a greater quantity of breach disclosures," the Vanderbilt researchers wrote in the letter. "Moreover, the HHS data are biased because larger organizations inherently have a greater chance of reaching the 500 patient threshold than their smaller counterparts, and have more employees at risk for attacks."

In response, Dr. Bai and her colleagues acknowledged the HHS threshold of 500 patients increases the likelihood of identifying data breaches in large hospitals — a limitation they had also noted in their initial research. However, they also highlighted large hospitals might prove an appealing target to cybercriminals because they possess "a significant amount of protected health information."

"Combined with teaching hospitals' needs for broad data access, this creates significant targets for cybercriminals compared with smaller institutions that might be the main reason for their relatively high risk of data breaches," Dr. Bai and her colleagues wrote.

More articles on cybersecurity:
Survey: 5 ways businesses secure corporate data on personal devices
OCR: 12 tips to secure PHI in mobile devices
Survey: 59% of office workers hit by ransomware pay out-of-pocket

© Copyright ASC COMMUNICATIONS 2017. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months