Vanderbilt researcher says hospital data breaches are tied to patient deaths

March 28, 2018  Source: MedCityNews 236

Sung Choi, a researcher at Vanderbilt University’s Owen Graduate School of Management, says over 2,100 patient deaths annually are related to data breaches at hospitals, according to The Wall Street Journal.

“A breach triggers remediation activities, regulatory inquiries and litigation in the years following a breach… [these activities] disrupt and delay hospital services, and therefore leads to care quality problems,” Choi said, according to WSJ.

The study was presented last week at a conference hosted by Drexel University’s LeBow College of Business. The findings relied on information from CMS and HHS. Data from HHS showed there were 305 hospital breaches between 2012 and 2016, which exposed a total of 14 million patient records.

The research compared patient care metrics at hospitals that had experienced a data breach and those that had not. For instance, the study examined the proportion of heart attack patients that die within 30 days of being admitted to a health system. The rate increased by 0.23 percent a year after a breach and 0.36 percent two years after a breach. This represents 2,160 additional deaths each year, according to Choi.

Breached hospitals also took longer to administer an electrocardiograph to a newly admitted patient.

“Before a breach, the control group and breached hospitals are similar, then after a breach there appears some change in trend that made the breach hospitals have worse quality,” Choi said.

Overall, the research points to the significance of cybersecurity, the need to recover quickly after a breach and how breaches can distract providers. Not to mention the money that could have been used for patient care that now has to be funneled toward solving the IT problem.

Despite the increased interest in data privacy in healthcare, the field continues to be a major target for hackers. Hospitals traditionally focus on patients more than health IT, and they often rely on legacy systems, which make them all the more vulnerable.

“From [a hacker’s] perspective, they’re looking for the perfect storm,” Mike Simon, CEO of security company Cryptonite. “All these together make it a hacker’s dream to come into a healthcare facility.”

By Ddu