Cybersecurity Lapses Might Be Killing Patients

Posted on April 4, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Nobody would argue that data breaches are good for patients. After all, health data management is challenging enough without having to deal with outside attacks. But could they actually be killing patients? One researcher argues that this is indeed happening.

According to research by Dr. Sung Choi of Vanderbilt University’s Owen Graduate School of Management, hospital data breaches are linked to more than 2,100 patient deaths per year.

One key reason for this phenomenon is that data breaches create distractions for doctors which can extend far beyond the actual incident. This seems to be associated with an increase in patient mortality rates, he said. He also noted that it can be costly for hospitals to address images created by the data breach, which may divert resources better spent in patient care.

What’s more, breaches trigger a whirlwind of administrative activities, including remediation efforts, regulatory increase in litigation in the years that follow. This presents yet another distraction from focusing on care delivery.

To conduct his analysis, Dr. Choi used data from CMS and HHS, comparing patient care data at hospitals that have and have not experienced a data breach. He found that there were 305 hospital breaches between 2012 and 2016, exposing 14 million records.

One of the metrics Dr. Choi reviewed was the proportion of who died within 30 days of being heart attack patients who die within 30 days after being admitted to hospital. He found that this rate increased by 0.23% with one year after the breach, and by 0.36% two years after the breach. This adds up to an additional 2,160 additional patient deaths each year, he said.

What’s more, hospitals that experienced a health data breach took far longer to administer an ECG to newly-admitted patients, the data analysis concluded.

It’s worth noting that this phenomenon is not well documented as of yet. While data breaches are clearly correlated with some additional patient deaths, Dr. Choi seems to concede that he hasn’t found a direct causal relationship between breaches and mortality across the board.

Still, it stands to reason that cybersecurity problems would have some impact on patient care quality. Now that we’re armed with this data, we have even more compelling reasons to avoid breaches. Let’s hope that the hospital industry’s track record on health data security improves in the near future.