This study was conducted to investigate the status of personal patient information data breaches at medical facilities involving the use of electronic media (including the Internet). News contents on website and newspaper articles dealing with data breaches were collected from information security websites and/or newspaper databases between 2008 and 2012. Data on 186 events (reported by mass media, etc.) were collected and the analysis results revealed the following findings:
1) USB memory drives were the electronic media most frequently involved in data breaches (47.0%).
2) Loss and burglary accounted for an overwhelming majority (84.4%) of all causes of data breaches.
3) Data breaches occurred both inside and outside medical facilities. The main reasons provided for removing electronic media from hospitals resulting in data breaches were to research or learn, and to work outside the hospital.
4) All types of healthcare professionals (including retired healthcare professionals) were responsible for security breaches, predominantly physicians.
5) The percentage of data breaches resulting in information leaks was low (10.8%), but only 19.0% of the electronic media involved had been secured against information leaks or unauthorized usage.
6) Information about illnesses of individual patients and personal information on 100 or more individuals were contained in more than half of the electronic media involved in data breaches each.
7) Violations of the relevant hospital rules were found in 47.3% of data breaches.
View full abstract