While exploring the most common causes of electronic personal health information (ePHI) data breaches, it was interesting to find that recent research reveals that, although we tend to focus primarily on technological approaches to security, human error can actually be one of the biggest threats to ePHI.
A 2021 research paper, "Human factor, a critical weak point in the information security of an organization's Internet of things" (Hughes-Lartey et al.), laid the groundwork for exploring the potential impacts of human interactions on data security. It points out that "the strength of any good information security system is in the hands of those who use it," highlighting that breaches often stem from exploiting human resources. However, organizations tend to prioritize technological solutions, as they are generally easier to implement than addressing the human element of security.
There are a lot of good specific recommendations in the paper worth checking out. The main takeaway was that "Organizations need to have a consistent policy that focuses on having their employees trained or educated."
In a subsequent 2022 research paper, "Human Factors in Electronic Health Records Cybersecurity Breach: An Exploratory Analysis" (Yeo and Banfield), the authors categorize breaches as either "unintentional" or "malicious" to better understand the type of human interaction that leads to a breach (see Table 2 for data). Their research found that 73.1% of all affected records were compromised due to unintentional factors, while 26.7% resulted from malicious actions.
Their research also identified the most common causes of cyber breaches in healthcare organizations (HCOs):
Some additional articles on this topic that may be of interest are listed below: