Augmented Security Following a Data Breach Leads to a Higher Patient Mortality Rate

Healthcare data breaches cause a decline in the quality of care given to patients, based on a study lately published in Health Services Research.

Researchers examined data from Medicare Compare which features quality measures used at hospitals. Data from 2012 to 2016 was reviewed and compared with information from the HHS’ Office for Civil Rights on data breaches having over 500 records in the same time period. The researchers reviewed data on 3,025 Medicare-certified hospitals including the 311 that had experienced a data breach.

Based on the study, there was an increase of 2.7 minutes in the time it took a patient arriving at the hospital to have an electrocardiogram performed at hospitals that experienced a data breach. A ransomware attack that stops clinicians from being able to access patient data will restrict their capability to give essential medical services to people, thus it is expected to have a delay in performing tests and acquiring the results. Nevertheless, the delays were seen to keep going for months and years following a cyberattack.

The study revealed that 3 to 4 years following a data breach, giving electrocardiograms to patients is still delayed. The waiting time period for patients to get electrocardiograms was up to 2 minutes longer than before the breach happened.

Hospitals that had a data breach likewise saw a 0.36% higher mortality rate of 30-day acute myocardial infarction. The higher mortality rate was not attributed to the cyberattack itself since recovery is generally possible with no a couple of days to a few weeks right after a cyberattack. The researchers say that the delays in delivering medical services following a cyberattack are because of the measures the hospitals have taken to enhance the security of their systems and effectively protect patient data, along with the better HHS oversight that happens after a data breach is encountered. These variables can cause a deterioration in the timeliness of patient care and outcomes.

After a cyberattack, hospitals complement their security controls to stop more cyberattacks from being successful. Those measures consist of stronger passwords, multi-factor authentication and other security enhancements. Although these extra measures enhance the security posture of hospitals and make data breaches more unlikely to succeed in the future, they can also slow down clinicians.

Despite the overall improvements in AMI treatment and the 0.4 percentage points annual decrease in 30-day AMI mortality rate from 2012 to 2014, the 30-day AMI mortality rate increase by 0.23-0.36 percentage point after a breach, thus effectively cancels a year’s worth of development in the mortality rate.

The researchers advise that hospitals ought to carefully assess the security controls they use to stop further breaches to make sure they do not unduly slow down clinicians and adversely affect patient outcomes.

The Data breach remediation efforts and their implications for hospital quality study was publicized in the October edition of Health Services Research: DOI: 10.1111/1475-6773.13203.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at