Teaching hospitals and hospitals with a large number of patient beds are more vulnerable to data breaches than other healthcare facilities, according to a study that was recently published in JAMA.
The authors define a security breach as "an impermissible use or disclosure that compromise the security or privacy of the protected health information and is commonly caused by a malicious or criminal attack, system glitch or human error." The increase in the rate of security breaches in hospitals corresponds directly to the expanded adoption of EHRs and other health IT systems, but breaches also include paper records.
Researchers found that between Oct. 21, 2009 — the date of the earliest reported data breach — and Dec. 31, 2016, 216 hospitals reported 257 data breaches, with a median of 1,847 individuals affected per breach. Thirty-three hospitals were breached at least twice, many of which were teaching hospitals, according to the study.
Two teaching hospitals, New York City-based Montefiore Medical Center and University of Rochester (N.Y.) Medical Center, were breached four times in the same time period.
The researchers also found that the hospitals that reported breaches were larger, with a median bed count of 262, compared to 134 beds among hospitals that have not reported a breach. Thirty-seven percent of those breached hospitals were major teaching hospitals.