Report Reveals Increased Security After a Data Breach Caused a Rise in Patient Mortality Rate

Healthcare data breaches bring about a lower quality of patient care, as per a study just posted in Health Services Research.

Researchers studied data from Medicare Compare which highlights quality measures employed at hospitals. Information from 2012 to 2016 was assessed and compared with records from the HHS’ Office for Civil Rights on data breaches with above 500 records during the same time frame. The researchers assessed information on 3,025 Medicare-certified hospitals which include the 311 that had encountered a data breach.

As per the study, it took 2.7 minutes more time for a patient coming to the hospital to have an electrocardiogram done at hospitals that encountered a security breach. A ransomware attack that inhibits clinicians from opening patient data will reduce their opportunity to deliver needed medical assistance to patients, therefore it is likely to have a delay in doing tests and getting the results. Nonetheless, the delays were noticed to go on for months and years subsequent to a cyberattack.

The study confirmed that 3 to 4 years subsequent to a data breach, administering electrocardiograms to individuals is still slow. The waiting time frame for patients to have electrocardiograms was about 2 minutes more than before the breach transpired.

Hospitals that encountered a data breach furthermore saw a 0.35% increase in the mortality rate of 30-day acute myocardial infarction. The rise in mortality rate was not linked to the cyberattack itself, because recovery is typically possible without having a number of days to a couple of weeks following a cyberattack. The researchers say that the slowdowns in giving medical services after a cyberattack is attributable to the actions the hospitals have taken to boost the security of their systems and appropriately protect patient information, together with the improved HHS oversight that takes place following a data breach is suffered. These things can bring about a decline in the promptness of patient care and results.

Subsequent to a cyberattack, hospitals boost their security controls to avoid even more cyberattacks from becoming successful. Those measures comprise stronger passwords, multi-factor authentication, and other security tweaks. Whilst these added measures boost the security structure of hospitals and make data breaches unlikely to happen in the future, they could likewise hamper clinicians.

In spite of the overall developments in AMI treatment and the 0.4 percentage points annual reduction in 30-day AMI mortality rate from 2012 to 2014, the 30-day AMI mortality rate goes up by 0.23-0.36 percentage point following a breach, therefore essentially removes a year’s worth of progress in the mortality rate.

The researchers propose that hospitals must carefully examine the security actions they employ to avoid more breaches to be sure they don’t unduly obstruct clinicians and badly impact patient results.

The research on Data breach remediation efforts and their implications for hospital quality was circulated in the October release of Health Services Research: DOI: 10.1111/1475-6773.13203.