Ponemon reported that “over the past two years the average cost of a data breach for healthcare organizations is estimated to be more than $2.2 million. No healthcare organization, regardless of size, is immune from data breach.” The “Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data,” which drew on data from 91 Covered Entities and 84 Business Associates, included this alarming information about healthcare’s ability to properly protect ePHI (electronic Protected Health Information):
Data breaches in healthcare are increasingly costly and frequent, and continue to put patient data at risk. Based on the results of this study, we estimate that data breaches could be costing the healthcare industry $6.2 billion.
For the second year in a row, criminal attacks are the leading cause of data breaches in healthcare. In fact, 50 percent of healthcare organizations say the nature of the breach was a criminal attack and 13 percent say it was due to a malicious insider.
This news is consistent with other reports and is a primary reason for aggressive HIPAA enforcement by the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS).