RESUMO
BACKGROUND: The implementation of emerging technologies has resulted in an increase of data breaches in healthcare organisations, especially during the COVID-19 pandemic. Health information and cybersecurity managers need to understand if, and to what extent, breach types and locations are associated with their organisation's business type. OBJECTIVE: To investigate if breach type and breach location are associated with business type, and if so, investigate how these factors affect information systems and protected health information in for-profit versus non-profit organisations. METHOD: The quantitative study was performed using chi-square tests for association and post-hoc comparison of column proportions analysis on an archival data set of reported healthcare data breaches from 2020 to 2022. Data from the Department of Health and Human Services website was retrieved and each organisation classified as for-profit or non-profit. RESULTS: For-profit organisations experienced a significantly higher number of breaches due to theft, and non-profit organisations experienced a significantly higher number of breaches due to unauthorised access. Furthermore, the number of breaches that occurred on laptops and paper/films was significantly higher in for-profit organisations. CONCLUSION: While the threat level of hacking techniques is the same in for-profit and non-profit organisations, certain breach types are more likely to occur within specific breach locations based on the organisation's business type. To protect the privacy and security of medical information, health information and cybersecurity managers need to align with industry-leading frameworks and controls to prevent specific breach types that occur in specific locations within their environments.
RESUMO
The COVID-19 pandemic led to an increase in cybersecurity attacks on organizations operating in the healthcare industry. Health information professionals and health executives are unable to limit the impact of data breaches on records their organizations handle. While current research focuses on prevention strategies and the understanding of the causes of data breaches, it failed to address how to mitigate the impact of successful cybersecurity attacks. This quantitative research paper examined the effect the healthcare entity type has on the number of impacted individuals for healthcare data breaches that occurred during the pandemic. Health information professionals will be able to mitigate the number of breached records based on their organizational type. Some of this paper's findings include the call for implementation of organizational frameworks aimed to protect patient information, and the call for further research to understand how other factors might affect the impact of healthcare data breaches.
