Hospital Risk of Data Breaches

Bai, Ge; Jiang, John; Flasher, Renee

doi:10.1001/jamainternmed.2017.0336

Cited by 35 publications

(20 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Previous studies suggested that larger teaching hospitals were associated with breaches. 20,21 Large hospitals store more patient data, making them more attractive targets for external attackers. Large hospitals have more clinicians and staff, who access patient data, creating more internal vulnerabilities that can expose patient data.…”

Section: Conceptual Modelmentioning

confidence: 99%

See 1 more Smart Citation

Data breach remediation efforts and their implications for hospital quality

Choi

Johnson

Lehmann

2019

Health Services Research

View full text Add to dashboard Cite

Objective To estimate the relationship between breach remediation efforts and hospital care quality. Data Sources Department of Health and Human Services’ (HHS) public database on hospital data breaches and Medicare Compare's public data on hospital quality measures for 2012‐2016. Materials and Methods Data breach data were merged with the Medicare Compare data for years 2012‐2016, yielding a panel of 3025 hospitals with 14 297 unique hospital‐year observations. Study Design The relationship between breach remediation and hospital quality was estimated using a difference‐in‐differences regression. Hospital quality was measured by 30‐day acute myocardial infarction mortality rate and time from door to electrocardiogram. Principal Findings Hospital time‐to‐electrocardiogram increased as much as 2.7 minutes and 30‐day acute myocardial infarction mortality increased as much as 0.36 percentage points during the 3‐year window following a breach. Conclusion Breach remediation efforts were associated with deterioration in timeliness of care and patient outcomes. Thus, breached hospitals and HHS oversight should carefully evaluate remedial security initiatives to achieve better data security without negatively affecting patient outcomes.

show abstract

Section: Conceptual Modelmentioning

confidence: 99%

“…Hospital characteristics may be associated with breaches and remediation effort along with hospital quality. Previous studies suggested that larger teaching hospitals were associated with breaches . Large hospitals store more patient data, making them more attractive targets for external attackers.…”

Section: Introductionmentioning

confidence: 99%

Data breach remediation efforts and their implications for hospital quality

Choi

Johnson

Lehmann

2019

Health Services Research

View full text Add to dashboard Cite

show abstract

“…The security of health care data and systems is rapidly emerging as a critical component of hospital infrastructure, and attacks on hospital information systems have had substantial consequences, with closed practices, canceled surgical procedures, diverted ambulances, disrupted operations, and damaged reputations. 1 , 2 , 3 Attacks against hospitals have been increasing, with substantial financial cost as well. 4 , 5 In a recent well-publicized example, a large hospital network was taken offline by a virus for almost 2 weeks, resulting in service disruption, patient confusion, and delays in radiation therapy, among other repercussions.…”

Section: Introductionmentioning

confidence: 99%

Assessment of Employee Susceptibility to Phishing Attacks at US Health Care Institutions

et al. 2019

View full text Add to dashboard Cite

Key Points Question Are employees at US health care institutions susceptible to phishing attacks? Findings In this multicenter quality improvement study, more than 2.9 million simulated emails were sent to employees at 6 hospitals, with a median click rate of 16.7%. Repeated phishing campaigns were associated with decreased odds of clicking on a subsequent phishing email. Meaning Employees at US health care institutions may be susceptible to phishing emails, which presents a major cybersecurity risk to hospitals.

show abstract

“…Cybersecurity is an increasingly important component of the infrastructure of healthcare delivery organizations, and recent attacks on healthcare information systems have negatively impacted hospital operations, resulting in canceled clinical appointments and procedures, financial cost, and negative press. [1][2][3][4][5][6][7][8] Digital information systems are crucial for many aspects of clinical work in the United States and worldwide, and providing safe and effective care depends on our ability to secure these systems to the maximum extent possible.…”

Section: Background and Significancementioning

confidence: 99%

Evaluation of a mandatory phishing training program for high-risk employees at a US healthcare system

Gordon

Wright

Glynn

et al. 2019

Journal of the American Medical Informatics Association

View full text Add to dashboard Cite

Objective The study sought to understand the impact of a phishing training program on phishing click rates for employees at a single, anonymous US healthcare institution. Materials and Methods We stratified our population into 2 groups: offenders and nonoffenders. Offenders were defined as those that had clicked on at least 5 simulated phishing emails and nonoffenders were those that had not. We calculated click rates for offenders and nonoffenders, before and after a mandatory training program for offenders was implemented. Results A total of 5416 unique employees received all 20 campaigns during the intervention period; 772 clicked on at least 5 emails and were labeled offenders. Only 975 (17.9%) of our set clicked on 0 phishing emails over the course of the 20 campaigns; 3565 (65.3%) clicked on at least 2 emails. There was a decrease in click rates for each group over the 20 campaigns. The mandatory training program, initiated after campaign 15, did not have a substantial impact on click rates, and the offenders remained more likely to click on a phishing simulation. Discussion Phishing is a common threat vector against hospital employees and an important cybersecurity risk to healthcare systems. Our work suggests that, under simulation, employee click rates decrease with repeated simulation, but a mandatory training program targeted at high-risk employees did not meaningfully decrease the click rates of this population. Conclusions Employee phishing click rates decrease over time, but a mandatory training program for the highest-risk employees did not decrease click rates when compared with lower-risk employees.

show abstract

Hospital Risk of Data Breaches

Abstract: Research Optimizing Screening through Personalized Regimens) Consortium. Provider attitudes and screening practices following changes in breast and cervical cancer screening guidelines.

Cited by 35 publications

References 3 publications

Data breach remediation efforts and their implications for hospital quality

Data breach remediation efforts and their implications for hospital quality

Assessment of Employee Susceptibility to Phishing Attacks at US Health Care Institutions

Evaluation of a mandatory phishing training program for high-risk employees at a US healthcare system

Contact Info

Product

Resources

About