Research by Vanderbilt University and the University of Central Florida investigated the relationship between breach remediation efforts and hospital care quality.
Researchers analysed breach data from 3,025 hospitals between 2012-2016. It was found that breaches appear to have a serious negative impact on patient care, with the mortality rate increasing.
The research detected an increase in 30-day acute myocardial infarction (AMI) mortality rate, with a data breach at a non federal acute-care inpatient hospital being associated with an additional 23-36 deaths per 10,000 AMI discharges per year.
Although improvements have been made in AMI treatment which has resulted in the 30-day AMI mortality rate decreasing, “a 0.23‐0.36 percentage point increase in 30‐day AMI mortality rate after a breach effectively erases a year’s worth of improvement in the mortality rate,” according to the research.
Breaches also had an impact on the time it took for staff to get from the door to an electrocardiogram (ECG) – with an increase of 2.7 minutes following a data breach. These delays could be due to post-brech delay to which an incident is investigated.
The researchers explain that often post-breach, security can become rather inconvenient by design, with stricter authentication methods, such as two-factor authentication. In addition, lost passwords and account lockouts become a nuisance and disrupt workflow.
“The persistence in the longer time to ECG suggests a permanent increase in time requirement due to stronger security measures.”
Eric Johnson, co-author of the report said: “This long time-frame tells us that in breached hospitals, it’s the remediation efforts – not the breach itself, but the post-breach remediation efforts – that are impacting these time-sensitive processes and patient outcome measures.”
“Security solutions designed to prevent future breaches may require usability assessment or include some sort of ‘break glass in case of emergency’ functionalities to ensure providers can quickly get the information they need when they need it most.”
Despite the report not discussing ransomware, the researchers added that with ransomware attacks, from their findings there might be an “even stronger short-term negative relationship with patient outcomes than the long-term remediation efforts studied here.”
Data breaches within healthcare result in a significant consequence for patients and providers, as well a impacting the quality of care problems. It is vital that health information is protected and an important responsibility of all parties in the healthcare industry.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/