Managing the Rising Risks of a Healthcare Data Breach

The healthcare industry is rapidly adopting health information technology (HIT). Sometimes so rapidly security measures are lagging behind, leaving healthcare entities open to dangerous data breaches.

In the first three years of the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, about 260 data breaches affected more than 10 million patients, according to the U.S. Department of Health and Human Services.

The costs of a healthcare breach for both businesses and affected patients are staggering:

• HITECH carries violation fines of up to $1.5 million
• Data breaches cost the healthcare industry $6 billion per year ¹
• The total economic impact of medical identity theft is $30.9 billion annually, up from $28.6 billion in 2010²
• Healthcare firms spend about $1 million per year, per firm, on data breaches³

Healthcare Data Privacy

The healthcare industry is a particularly attractive data breach target. Healthcare records have it all: names, Social Security numbers, birth dates, payment information, insurance identification numbers, protected health information (PHI) and more.

Healthcare entities manage large amounts of both PHI and personally identifying information (PII). So it’s little wonder why data breach prevention is the leading concern among healthcare IT decision makers.⁴

The counterbalance to data breach prevention is breach preparedness. That is, being ready to meet notification requirements and industry regulations if a data breach occurs. A data breach response plan can help entities avoid both fines and customer loss.

Medical Identity Theft Puts Patients at Risk

When a healthcare data breach exposes someone’s PHI and/or PII, the risk of identity theft and medical identity theft rises.

• On average, medical identity theft can add up to $20,000 in out-of-pocket expenses for a single victim⁵
• Consequences of medical identity theft include becoming uninsured for both life and health insurance
• Victims of medical identity theft may receive the wrong type of care due to tampered medical files
• Unpaid medical bills sent to collection agencies can damage credit histories and financial stability

Data Breach Response

As the use of HIT expands, so does the need for a data breach response plan, one that includes a proven resolution solution that addresses proper notification. Experian® Data Breach Resolution has handled some of the largest healthcare incidents to date.

We have a proven track record of servicing thousands of data breaches and resolving more than 50,000 cases of fraud. We’ll work closely with you before or after a breach occurs to help ensure you’re successful.

We handle data breach notification to help you comply with state and industry regulations. We also offer a variety of consumer protection products, which you can offer to your patients to assure them that you care about what’s happening to them.

Contact Experian at databreachinfo@experian.com or 1 866 751 1323 for a personalized pre-breach consultation or an effective post-breach action plan.

1 Ponemon Institute, “Benchmark Study on Patient Privacy and Data Security.” (2010)

2 Ponemon Institute, “Second Annual Survey on Medical Identity Theft.” (2011)

3 Ponemon Institute, “Benchmark Study on Patient Privacy and Data Security.” (2010)

4 Zoomerang, “2010 Health IT Survey.” (2010)

5 Ponemon Institute, “Second Annual Survey on Medical Identity Theft.” (2011)

6 Ponemon Institute, “Electronic Health Information at Risk: A Study of IT Practitioners.” (2009)