One of the fastest-growing areas of data theft is also one of the scariest. Healthcare data breaches are on the rise, up 70% over the last seven years. And while these thefts affect hospital systems, doctors’ offices, healthcare providers and insurance companies, consumers often pay the heaviest price.
Breaches Are Booming
Between 2010 and 2017, the U.S. Department of Health and Human Services reported 2,149 breaches involving 176.4 million patient records. The largest single breach exposed nearly 79 million records, and the three largest breaches together accounted for roughly half of all records stolen.
Making headlines nationwide, these blockbuster breaches include nearly 79 million records at Anthem, 11 million at Premera Blue Cross and 10 million at Excellus Blue Cross Blue Shield.
Most alarming of all, the number of healthcare breaches has increased every year except 2015, going from 199 breaches in 2010 to 344 in 2017. And in a recent Ponemon study, 89% of healthcare providers reported at least one breach in the previous two years.
Why Hackers Want Health Data
So why do hackers want your most sensitive data? Think of healthcare records as the mother lode. Besides the payment data present in any billing transaction, medical-records thieves also get your name, date of birth, address, billing information, Social Security Number, diagnosis codes and insurance information.
But wait, there’s more. Stolen medical records can also include family history, demographic data and medication lists: everything needed to steal an identity or commit prescription, insurance or financial fraud.
Fraudsters could steal your identity, impersonate you, blackmail you, commit insurance fraud, take out a credit card in your name, or sell your data to the highest bidder on the dark web, where medical records go for as much as $100 each.
In 2010, the biggest causes of medical-records theft were stolen paper records and data taken from lost or stolen laptops. Today, the most common avenues are compromised network servers and email. Now that electronic health records are the norm, thieves can reach far more records, much faster. And when it comes to data security, medicine has lagged behind industries like banking and finance. Medical facilities tend to invest in clinical innovations and new equipment rather than IT security, leaving unpatched and poorly segmented systems exposed to attackers.
In fact, in 2016 alone, nine times more medical records were breached than financial records. That’s 27 million people, roughly 8% of the U.S. population. And unlike credit-card theft, where compromised cards are quickly discovered and cancelled, medical identity fraud can take years to detect and even longer to untangle, because a stolen medical identity cannot simply be reissued.
What Can Individuals Do?
The average medical identity theft victim spends $13,500 on legal fees and fraudulent medical bills, while the average financial identity theft costs just $55 to clean up.
So how can patients stay safe?
- Ask doctors what they are doing to protect your data.
- Advocate for standardized requirements covering how patient data is protected and how healthcare organizations must respond when a breach occurs.
- Visit resources like the IAPP (International Association of Privacy Professionals) and HCCA (Health Care Compliance Association), so that you can ask healthcare organizations the right questions about patient data protection.
- Whenever possible, leave your Social Security Number off of medical forms.
- Pay close attention to your financial statements, medical bills, prescription records and health records. Anything unfamiliar could signal a breach.
- Shred all medical bills, receipts and records, and destroy old pill bottles.
- Think twice about giving your medical information to apps and online services. More data sources increase your risk of a breach.
What Can Healthcare Providers Do?
Hacked medical providers risk having their data held for ransom, whether by ransomware that locks systems or by attackers threatening to publish stolen records. Breaches can also result in government enforcement actions, lawsuits, fines and a loss of public trust. If their information were stolen, 40% of consumers say they would find a new doctor, and 35% say they would go to a new hospital.
So what can doctors and hospitals do to prevent a breach?
- Invest in IT infrastructure.
- Limit access to patient records to the staff who need them for their role (least privilege), and log and review who accessed which record, so that snooping and bulk export stand out.
- Educate registration staff about how to spot medical identity theft, especially in the ER.
- Educate all staff members about how to spot phishing emails, suspicious phone calls, fake websites and impostors posing as vendors or IT professionals.
- Keep software patched and updated at all times.
- Perform comprehensive employee background screenings.
- Perform proactive security audits on a regular basis.
- Implement technologies that devalue data, such as point-to-point encryption (P2PE) and tokenization, so that a breached system holds nothing an attacker can use. Note that P2PE and tokenization cover payment card data; clinical records and other PHI still need their own encryption and access controls.
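To make the last item concrete, here is an added example of what “devaluing” payment data by tokenization looks like in practice. It is illustration code written for this article, not Bluefin’s product code, and every name in it (TokenVault, tokenize, store_payment, pans_exposed_by) is assumed for the example. The vault is an in-memory stand-in for a separately secured service, and the card numbers are constructed test values, not real cards.

```python
"""Tokenizing card numbers so a breached billing database holds no PANs.

Added illustration for this article; not Bluefin's product code. TokenVault,
tokenize, store_payment and pans_exposed_by are names assumed for the example.
"""
import hashlib
import hmac
import secrets


def luhn_valid(pan: str) -> bool:
    """Luhn checksum: rejects malformed card numbers before they reach the vault."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Holds PAN <-> token mappings.

    In deployment this is an isolated service (own network segment, keys in an
    HSM, records encrypted at rest). Here it is an in-memory dict so the example
    runs offline; the security point is that the billing system never holds PANs.
    """

    def __init__(self, fingerprint_key: bytes):
        self._fp_key = fingerprint_key
        self._by_token: dict[str, str] = {}        # token -> PAN
        self._by_fingerprint: dict[str, str] = {}  # HMAC(PAN) -> token

    def _fingerprint(self, pan: str) -> str:
        # A keyed HMAC lets the vault recognise a repeat card. A plain SHA-256
        # of a 16-digit number would be trivially enumerable by an attacker.
        return hmac.new(self._fp_key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, pan: str) -> str:
        if not luhn_valid(pan):
            raise ValueError("not a well-formed card number")
        fp = self._fingerprint(pan)
        if fp in self._by_fingerprint:
            return self._by_fingerprint[fp]
        # Random token: no mathematical relationship to the PAN, so it cannot
        # be reversed without access to the vault.
        token = "tok_" + secrets.token_hex(16)
        self._by_token[token] = pan
        self._by_fingerprint[fp] = token
        return token

    def detokenize(self, token: str) -> str:
        """Only the vault (e.g. at settlement time) can turn a token back into a PAN."""
        return self._by_token[token]


def store_payment(app_db: list, vault: TokenVault, pan: str, amount_cents: int) -> dict:
    """What the hospital's billing system keeps: token and last four, never the PAN."""
    token = vault.tokenize(pan)
    record = {"token": token, "last4": pan[-4:], "amount_cents": amount_cents}
    app_db.append(record)
    return record


def pans_exposed_by(app_db: list) -> list:
    """Simulate an attacker dumping the billing database: any value that passes
    as a card number is a leak. With tokenization the result is empty."""
    leaked = []
    for record in app_db:
        for value in record.values():
            if isinstance(value, str) and luhn_valid(value):
                leaked.append(value)
    return leaked


def demo():
    vault = TokenVault(fingerprint_key=secrets.token_bytes(32))
    app_db: list = []
    # Constructed test PANs (standard test numbers, not real cards).
    store_payment(app_db, vault, "4111111111111111", 12500)
    store_payment(app_db, vault, "5555555555554444", 4999)
    store_payment(app_db, vault, "4111111111111111", 800)  # repeat card -> same token
    return vault, app_db


if __name__ == "__main__":
    vault, app_db = demo()
    for row in app_db:
        print(row)
    print("PANs recoverable from billing DB dump:", pans_exposed_by(app_db))
```

Running it prints three billing records containing only tokens, last-four digits and amounts, and an empty list for the simulated database dump; the repeat payment with the same card resolves to the same token, which keeps refunds and recurring billing workable without the billing system ever storing a card number.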
Putting Health & Safety First
Despite the risks inherent in electronic healthcare records, the benefits are innumerable — lower costs, universal access, improved user experience and aggregated medical research. Medical providers, professionals and patients must do everything they can to ensure that this valuable tool remains an asset rather than a liability.
When it comes to protecting financial data at hospitals and doctors’ offices, Bluefin’s P2PE and tokenization solutions ensure that sensitive payment data is encrypted the moment it enters your system. To learn more about how you can protect your organization from a data breach, contact a Bluefin representative today.