Healthcare Data Breaches and Medical Identity Theft
Managing the Rising Risks of a Healthcare Data Breach
The healthcare industry is rapidly adopting health information technology (HIT). Sometimes so rapidly security measures are lagging behind, leaving healthcare entities open to dangerous data breaches.
In the first three years of the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, about 260 data breaches affected more than 10 million patients, according to the U.S. Department of Health and Human Services.
The costs of a healthcare breach for both businesses and affected patients are staggering:
- HITECH carries violation fines of up to $1.5 million
- Data breaches cost the healthcare industry $6 billion per year 1
- The total economic impact of medical identity theft is $30.9 billion annually, up from $28.6 billion in 20102
- Healthcare firms spend about $1 million per year, per firm, on data breaches3
Healthcare Data Privacy
The healthcare industry is a particularly attractive data breach target. Healthcare records have it all: names, Social Security numbers, birth dates, payment information, insurance identification numbers, protected health information (PHI) and more.
Healthcare entities manage large amounts of both PHI and personally identifying information (PII). So it’s little wonder why data breach prevention is the leading concern among healthcare IT decision makers.4
The counterbalance to data breach prevention is breach preparedness. That is, being ready to meet notification requirements and industry regulations if a data breach occurs. A data breach response plan can help entities avoid both fines and customer loss.
Medical Identity Theft Puts Patients at Risk
When a healthcare data breach exposes someone’s PHI and/or PII, the risk of identity theft and medical identity theft rises.
- On average, medical identity theft can add up to $20,000 in out-of-pocket expenses for a single victim5
- Consequences of medical identity theft include becoming uninsured for both life and health insurance
- Victims of medical identity theft may receive the wrong type of care due to tampered medical files
- Unpaid medical bills sent to collection agencies can damage credit histories and financial stability
Data Breach Response
As the use of HIT expands, so does the need for a data breach response plan, one that includes a proven resolution solution that addresses proper notification. Experian® Data Breach Resolution has handled some of the largest healthcare incidents to date.
We have a proven track record of servicing thousands of data breaches and resolving more than 50,000 cases of fraud. We’ll work closely with you before or after a breach occurs to help ensure you’re successful.
We handle data breach notification to help you comply with state and industry regulations. We also offer a variety of consumer protection products, which you can offer to your patients to assure them that you care about what’s happening to them.
Contact Experian at databreachinfo@experian.com or 1 866 751 1323 for a personalized pre-breach consultation or an effective post-breach action plan.
1 Ponemon Institute, “Benchmark Study on Patient Privacy and Data Security.” (2010)
2 Ponemon Institute, “Second Annual Survey on Medical Identity Theft.” (2011)
3 Ponemon Institute, “Benchmark Study on Patient Privacy and Data Security.” (2010)
4 Zoomerang, “2010 Health IT Survey.” (2010)
5 Ponemon Institute, “Second Annual Survey on Medical Identity Theft.” (2011)
6 Ponemon Institute, “Electronic Health Information at Risk: A Study of IT Practitioners.” (2009)
Data Breach Resolution
Experian Data Breach Response
Let us help you prepare for or respond to a healthcare data breach.
Contact us:
1 (866) 751-1323
databreachinfo@experian.com
Data Breach Quiz
Q: What percentage of healthcare practitioners who manage protected health information (PHI) have experienced at least one medical data breach?
A: 80%, according to a Ponemon Institute Study6
Make sure you have an effective medical data breach response plan in place that helps you comply with industry regulations, including customer notification requirements.