Digital data breaches affect millions and cost billions every year in the U.S.
Cyberattacks at Sony Pictures Entertainment (employee’s personal data and corporate correspondence leaked) and JP Morgan Chase & Co (affected 76 million households and 7 million small businesses) in 2014; and at UCLA’s Health System (4.5 million patients possibly affected) and health insurance giant Anthem Inc (80 million Americans affected) in 2015 are just a few well-known examples.
IBM and the Ponemon Institute report that in 2015, the average total cost of a data breach for 350 companies participating in their research was $3.79 million (or $154 for each lost or stolen record or file).
Smaller institutions are just as much at risk. Hollywood Presbyterian Medical Center in L.A. was recently hit by an infection of “ransomware”, malicious software that allowed hackers to access and encrypt all its data and then demand a ransom to decrypt it. The facility, which paid the $17,000 ransom promptly to reduce harm to patients, had no access to email, digital patient records and some internet-connected medical devices for nearly two weeks. The attack forced the hospital to return, temporarily at least, to pen and paper for its record-keeping.
According to Stu Sjouwerman, founder and CEO of cybersecurity firm KnowBe4, such attacks have been happening with increasing frequency around the world but are often not made public for PR reasons.
As Glen Reynolds points out in USA Today, paper records are inherently more secure from attack than electronic records. “To steal, or hold for ransom, 10 million electronic user records… all you might need is a cracked password and a thumb drive. To steal that many records on paper, you’d need a fleet of trucks and an uninterrupted month. “
“From intelligence agencies to hospitals, paper records are the killer app for stopping hackers.”
Moving from paper to electronic records and trying to keep one step ahead of digital data breaches is not only a continuous and costly exercise but one that causes frustration and errors among its users – who often resort back to using paper.
In a recent blog post for the New York Times, Dr. A. Zuger, M.D. writes that her hospital has bought a variety of electronic record keeping systems from competing vendors each of which have proprietary coding to specifically impede inter-system collaboration. “When you don’t know what electronic language the receiver speaks (and you never do), you go with paper.”
A study of electronic health record (EHR) implementation on surgical resident work load showed that even after 6 months, time to complete patient documentation was significantly longer with EHR than with paper records. In addition, most residents felt their risk of making a medical error was higher using electronic documentation. Bottom line: paper worked just fine.
And this drive to expensive electronic bookkeeping ($29 billion over 10 years) may have reduced the number of medical errors but the numbers are still chillingly large: 1000 people die and 10,000 suffer serious complications each day in the U.S.
As Dr. Zuger points out, the drive within the medical community to compile and rely on electronic information was prompted by honourable intentions to improve patient care, reduce administrative costs and lower medical errors. As she and her colleagues struggle daily to accomplish these goals, they succeed through the simple expedient of paper.
“Paper has become our lingua franca, our fallback and standby. In our new digital universe, we have peculiarly seen a retro explosion of paper.”