The U.S. healthcare system is expensive, but it could be less so if data breaches weren't costing it billions of dollars every year. The Ponemon Institute and the security consulting firm ID Expert released a report this week finding that hospitals are opening themselves up to a loss of $6 billion annually because of data breaches, eWeek's Brian T. Horowitz reports.

Part of the data vulnerability stems from a lack of resources and procedures to detect breaches. As hospitals and other providers have hurried to meet the federal electronic health records requirements spelled out in the 2009 HITECH Act, they have left themselves vulnerable to attack. Although the law includes privacy provisions, providers do not appear to be significantly increasing privacy protections, according to Doug Pollack, vice president of strategy for ID Expert.

"Unfortunately, what we found is that it doesn't seem to have changed behavior in a very significant fashion," Pollack said. "Within these hospital systems, revenue trumps privacy. Until there are more enforcement actions, there's just not enough pain to change their investment model in terms of security and privacy." 

The report was based on interviews with more than 200 senior managers at 65 healthcare facilities. Sixty nine percent of the organizations surveyed did not have sufficient policies and procedures to stop a breach and detect lost patient data. More frightening perhaps, at 70 percent of the facilities patient data protection was not found to be a priority.

For more:
- see Brian T. Horowitz' article at eWeek

Related Articles:
Feature: Top 20 Government Data Breaches...So Far 
New study says cybercrime costs enterprises $3.8 million a year
Healthcare IT faces healthy opportunities
Dell to use tiny Streak to drive deeper into healthcare
Heartland CIO: "I don't think software will ever be secure again."