The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics
DATAINSIDER

Digital Guardian's Blog

Researcher: Hospital Data Breaches Connected to Patient Deaths



A Vanderbilt researcher believes data breaches and a lack of cybersecurity at hospitals can be tied to patient deaths.

Data breaches have been a bane for the healthcare industry of late but could they concretely be linked to a loss in human loss of life?

A postdoctoral research fellow who specializes in the impact of health data breaches on hospitals and patients posits just that.

Dr. Sung Choi, a researcher at Vanderbilt University's Owen Graduate School of Management, said at a Philadephia conference last week that over 2,100 patient deaths per year could be attributed to data breaches.

Choi made his claims at 4A Data Security & Privacy, a cyberrisk quantification symposium held at Drexel University's LeBow College of Business last week. Choi said at the workshop that data breaches can have devastating effects on healthcare facilities. Those distractions can linger and likely result in patient mortality rates.

The presentation, based on a paper (.PDF) published last year with Choi's colleague, M. Eric Johnson, was a call to action for healthcare organizations to invest in cybersecurity.

The researcher cited statistics from the U.S. Department of Health and Human Services and the Centers for Medicare & Medicaid Services to make his point. Choi compared patient care metrics at hospitals that haven't been affected by a data breach and hospitals that have. One graph in particular showed the correlation between acute myocardial infarction (AMI) or heart attack patients who die within 30 days of being admitted to a hospital. The rate increased by 0.23 percent one year after a breach and 0.36 percent two years after a breach, a jump that corresponds to roughly 2,160 patient deaths a year, Choi said.

“Before a breach, the control group and breached hospitals are similar, then after a breach there appears some change in trend that made the breach hospitals have worse quality,” said Dr. Choi, according to the Wall Street Journal.

There could be other variables that could lead to a loss in life, as well. For example, funds designed to repair systems following a breach could be diverted from patient care, she said. In addition to cleaning up after a breach, regulatory inquiries and litigation - common byproducts of breaches - could also distract hospitals.

Choi regularly studies how the healthcare industry is impacted by economics and data but conducts his healthcare data breach research under the umbrella of Trustworthy Health and Wellness, a project financed by the National Science Foundation's Secure and Trustworthy Cyberspace Program.

The group, also known as THaW, has published a slew of academic papers since its inception, including research on the security of pacemakers, clinical data reuse, and how how mobile devices impact health privacy and security.

Image via Piron Guillaume/Unsplash

Chris Brook

WHITEPAPERS

The Definitive Guide to Data Loss Prevention - Healthcare Edition

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.