Hospitals and Healthcare Providers are Major Targets for Hackers and Data Breaches

Over the last few years, data breaches reported within the healthcare industry have continued to rise. For instance, in 2018, the healthcare sector reported the second largest number of breaches among all measured sectors and the highest rate of exposure per breach.^[1]

Healthcare-related data is among the most sensitive and personally consequential when compromised. A report focusing on healthcare breaches found that the “average total cost to resolve an identity theft-related incident…came to about $20,000,” and that the victims were often forced to pay out-of-pocket costs for healthcare they did not receive in order to restore coverage.^[2]

Amazingly, almost 50% of the victims lost their healthcare coverage as a result of the incident, while nearly one-third said their insurance premiums went up after the event. Forty percent of the customers were never able to resolve their identity theft at all. Data breaches and identity theft have a crippling effect on individuals and detrimentally impact the entire economy as a whole.^[3]

Within the last two years, healthcare-related data breaches have continued to rapidly increase. According to the 2019 HIMSS Cybersecurity Survey, 82% of participating hospital information security leaders reported having a significant security incident in the last 12 months, with a majority of these known incidents being caused by “bad actors” such as cybercriminals.[4]

“Hospitals have emerged as a primary target because they sit on a gold mine of sensitive personally identifiable information for thousands of patients at any given time. From social security and insurance policies to next of kin and credit cards, no other organization, including credit bureaus, have so much monetizable information stored in their data centers.”[5] Indeed, the HIPAA Journal 2019 Healthcare Data Breach Report confirms an upward trend in health sector data breaches over the past 10 years, with 2019 reflecting more data breaches than any other year.[1] 2019 represented a 37.4% increase over breaches reported in 2018 with a total number of patient records exposed increasing from 13,947,909 in 2018 to 41,335,889.[2]

“Shockingly, the report disclosed that in 2019 alone, the healthcare records of 12.55% of the population of the United States were exposed, impermissibly disclosed, or stolen.”[3]

[1] HIPAA Journal, Healthcare Data Breach Statistics, https://www.hipaajournal.com/healthcare-data-breach-statistics/ (last visited March 31, 2020).

[2] 2019 Healthcare Data Breach Report, HIPAA Journal, https://www.hipaajournal.com/2019-healthcare-data-breach-report/ (last visited March 31, 2020).

[3] Report Reveals Worst State for Healthcare Data Breaches in 2019, Info Security Group, February 14, 2020, https://www.infosecurity-magazine.com/news/report-healthcare-data-breaches-in/ (last visited March 31, 2020).

[1] Identity Theft Resource Center, 2018 End -of-Year Data Breach Report. Available at https://www.idtheftcenter.org/2018-data-breaches/ (last visited March 31, 2020).

[2] Elinor Mills, Study: Medical identity theft is costly for victims, CNET, March 31, 2010, https://www.cnet.com/news/privacy/study-medical-identity-theft-is-costly-for-victims/ (last visited March 31, 2020).

[3] Id.

[4] HIMSS, 2019 HIMSS Cybersecurity Survey, https://www.himss.org/resources/2020-himss-healthcare-cybersecurity-survey (last visited March 31, 2020).

[5] Inside Digital Health, How to Safeguard Hospital Data from Email Spoofing Attacks, April 4, 2019, available at https://www.chiefhealthcareexecutive.com/view/how-to-safeguard-hospital-data-from-email-spoofing-attacks (last visited March 31, 2020).Categories