September 2019

By the Numbers
For The Record
Vol. 31 No. 8 P. 34

$408
A study from IBM Security found that it cost health care organizations this amount per breached record in 2018—up from $380 per breached record in 2017.

4 in 5
This number of US physicians has experienced some kind of cyberattack, according to a Health and Human Services report.

60
According to the Verizon 2019 Data Breach Investigations Report, health care is the only industry to show a greater number of insider (this percentage) vs external (42%) attacks. Why is this noteworthy? Internal misuse takes longer to discover than external attacks.

$21 Million
To meet the growing power needs of Epic Systems, which are expected to double in the next decade, Wisconsin utility regulators have authorized construction of an underground power line in Verona costing this amount, of which Epic has agreed to pay $10.2 million, the Wisconsin State Journal reports.

98
The study “OpenNotes After 7 Years: Patient Experiences With Ongoing Access to Their Clinicians’ Outpatient Visit Notes,” published in the Journal of Medical Internet Research, found this percentage of survey respondents thought online access to visit notes was a good idea. Other findings: 73% said reading notes is very important for helping them take care of their health and feel more in control, 66% said it helped them remember their plan of care, and 63% said the availability of notes is very important for choosing a future provider, regardless of whether or not they chose to review their notes.

7 to 10
The Indian Health Service, an agency within Health and Human Services that provides federal health services to American Indians and Alaska Natives, intends to replace its legacy EHR system with a modern EHR that will take this number of years to implement and will cost American taxpayers billions of dollars, according to HealthData Management.

1/3
Nearly this fraction of respondents to a CynergisTek cybersecurity survey reported that medical device security is one of the top five risks facing health care. However, most reported not having an effective strategy in place to assess the risks posed by medical devices, and 26% said they don’t have any process in place.