U.S. healthcare organizations, their employees, and the patients they serve have a significant problem. A new study published in the Journal of the American Medical Association (JAMA) found that millions of patients’ records are exposed each year due to data breaches. Even more troubling, the report indicates that medical data breaches are increasing year after year — a trend that shows no signs of slowing.
About the study
The study was conducted by researchers at the Massachusetts General Hospital Center for Quantitative Health and co-authored by the center’s director, Thomas McCoy. For their study, McCoy and his team analyzed more than 2,000 data breaches in the healthcare industry.
The compromised records, which totaled nearly 200 million, include only those reported to the Department of Health and Human Services (HHS) between 2010 and 2017. Under a 2009 policy, the Health Information Technology for Economic and Clinical Health (HITECH) Act, healthcare organizations are required to report breaches to HHS.
Healthcare breaches involving 500 or more records are also stored in a public database.
What did the government data reveal about healthcare breaches?
While we’ve known about (and have been reporting on) the increase of medical data breaches for quite some time, the report does contain some fresh data. Here are a few of the more noteworthy highlights:
- 75 percent of all compromised records were a direct result of “hacking or IT incidents”
- Most breaches, 1,503 of them, occurred at healthcare providers
- Insurance companies lost 110.4 million medical records
- In the past seven years, healthcare breaches have increased by 70 percent
- Nearly 180 million records were reported as compromised to the HHS
This isn’t the only report to identify significant challenges related to healthcare data breaches.
In 2016, medical records were compromised at a rate nine times higher than financial records, and 2017 proved to be even worse for the industry. Verizon’s annual Data Breach Investigations Report found that 25 percent of the 2,200-plus data breaches analyzed occurred in the healthcare industry. In total, there were 530 data breaches and 750 security incidents — the most of any recorded industry.
Why are healthcare data breaches on the rise?
The increase in healthcare-related data breaches is a result of many factors, with two of the most significant being 1) an exponential shift to electronic health records and 2) the staggering value of medical records on the dark web.
While all personal details can be sold on the dark web, medical records command a much higher price. Industry analysts report that medical records sell for as much as 20 to 50 times more than other forms of personal data. In total, medical identity theft has an annual economic impact that exceeds $41 billion.
How is this the case?
Identity thieves can use the compromised medical records to acquire medical treatment, receive elective surgery, and even fill prescriptions using the victim’s personal details. This creates a world of danger for the victim, as the thief’s medical records often become intertwined with the victim’s electronic health records.
This can easily place the victim’s health in peril, as Senior Vice President of the Medical Identity Fraud Alliance Anne Paterson explains:
“About 20 percent of victims told us that they got the wrong diagnosis or treatment, or that their care was delayed because there was confusion about what was true in their records due to the identity theft.”
Steps healthcare providers can take to protect their employees and patients
The first step healthcare organizations can take to protect their employees and patients begins with learning the facts. If you are a healthcare provider or a benefits broker with clients in the healthcare industry, you may want to review our complimentary guide, How Identity Theft and Data Breaches Impact the Healthcare Industry.
It’s loaded with great information you can use to keep your employees — or your clients — safe!