Are Data Breaches Impacting Patient Outcomes?

F.J. Thomas

Sarasota, FL ( – New research suggests that the efforts made to avoid data breaches may be having a negative impact on patient outcomes. A study published in the October issue of Health Services Research suggests a correlation between data breaches and higher death rates in heart patients, with impacts months to years later after the breach.

The study reviewed hospital data from 2012 to 2016 from the Department of Health and Human Services’ (HHS) public database on hospital data breaches and Medicare’s compare quality measures. That data included information from 3,025 hospitals. Quality was measured by reviewing mortality rates, and tracking the time it took for a heart patient to undergo an electrocardiogram.

The study found that it took 2.7 minutes longer for an emergent patient to get an electrocardiogram in a facility that had experienced a data breach. Additionally, the myocardial infarction mortality rate increased 0.36 percentage points during a three year period following the data breach. The study concluded that the delay in treatment, and increase in mortality rates could be due in part to the measures put in place in response to a data breach.

In some cases, data breaches and cyberattacks have a much more immediate response. Earlier this month, WMBF reported that Tidelands Health was forced to reschedule procedures after its computer system was hit by a malware attack. In the aftermath of the attack, clinicians and staff had resorted to using paper records due to the IT system being offline.

According to a report from the Caspar Star Tribune, Eric Boley, head of the Wyoming hospital association, states that health systems across the state have been attacked by malware on a “weekly, if not daily” basis.

In the case of Campbell County Health, its computer system was taken over by hackers who actually demanded a ransom. The hospital had to cease new patient admissions and cancel surgeries in response. In the wake of the hijacking, it took the hospital 17 days to return to operation. The hospital did not pay the ransom, and it was able to re-create patient data but at a cost of well over $1 million in lost revenue and manpower.

News brought to you by