A report released by Johns Hopkins University’s Carey School of Business claims large healthcare organizations experience more data breaches than smaller healthcare providers.

The researchers used breach reports submitted to the Department of Health and Human Services’ Office for Civil Rights (OCR). Any HIPAA covered entity is required to submit breach reports to the OCR, and under HITECH Act requirements, OCR publishes the breaches that impact 500 or more individuals.

The study, led by Ge Bai, Ph.D., found that between 2009 and 2016, 216 hospitals reported a data breach and 15% of hospitals reported more than one breach. The analysis of these breach reports suggests hospitals with teaching centers are more likely to suffer a data breach: a third of breached hospitals were major teaching centers. It also suggests larger hospitals were more likely to suffer a data breach, but many healthcare professionals disagree.

A team of doctors from Vanderbilt University in Nashville claims the researchers only included figures from breaches affecting over 500 people and left out smaller breaches, which makes larger hospitals with more patients more likely to reach that 500-patient threshold. They also argued that in order for a breach to be reported, it must first be detected. They claim breaches often go undetected at smaller hospitals, which frequently lack the technology, budget, and staff to detect them. Lastly, the doctors argue that smaller hospitals take much longer to detect insider threats, as they lack the necessary technology and resources to conduct internal audits and review data access logs.

Bai has since responded, claiming that while she agrees there is an issue with the 500-individual threshold, larger hospitals truly have more PHI, and “combined with teaching hospitals’ need for broad data access, this creates significant targets for cybercriminals, compared with smaller institutions that might be the main reason for their relatively high risks of data breaches.”

This can be looked at in two ways. Yes, larger health providers handle an incredibly large amount of PHI, which can mean a huge win for hackers. But these large providers, with significantly more cybersecurity resources than their smaller counterparts, can also be seen as a more difficult target. That leads hacking groups to target smaller healthcare organizations, because they lack the resources or staff to devote time to cybersecurity.

NNT offers an easy-to-use yet fully featured security and HIPAA compliance solution, with built-in HIPAA compliance reports based on both CIS and NIST 800-53 recommendations. These hardened build standards can be tailored to your specific healthcare and ePHI systems to ensure access rights and audit trails are provisioned correctly. NNT then monitors for compliance continuously, so that if any drift from your security configuration occurs, you can address it immediately before any damage is done.


Read this article on HIPAA Journal


