Healthcare Data Breaches: What to Do if Your Medical Info Is Exposed

The healthcare industry is the top data breach target and has been for quite some time. Healthcare data breaches have doubled since 2014. 

According to the medical journal Healthcare, from 2005 to 2015, the healthcare sector faced the highest number of data breaches of any industry. Of the 6,355 data breaches reported during that time, the healthcare industry accounted for more than 60%. From 2015 to 2019, the healthcare industry experienced 1,587 data breaches—about three-quarters of all data breaches. 

Once again in 2021, the healthcare industry is on track to have the highest number of data breaches, reports HIPAA Journal. During the first six months of 2021, 238 healthcare data breaches were reported. HIPAA Journal also reports that there was a 25% increase in healthcare breaches from 2019 to 2020. 

Hospitals and other healthcare organizations process and store a wide range of personal patient data such as Social Security numbers, medical history, insurance information, names, address, phone numbers, and even vehicle identifiers. 

Generally, a healthcare data breach is any illegal disclosure or use of private health information without the patient’s authorization. HIPAA defines a data breach as “the procurement, access, use, or exposure of confidential health information illegitimately, which compromises the privacy or security of that confidential health information.”

Protected Health Information (PHI) can be illegally exposed to third parties in a number of ways. Most people think of cybercriminals breaking into a database when they hear the word “data breach.” And while hacking, ransomware, and related cybersecurity incidents are common forms of data breaches, breaches can also occur in other ways, including unauthorized disclosures from within the healthcare organization, the lost or theft of devices, and miscellaneous breaches, such as improper document disposal. 

Was Your Healthcare Data Stolen? Download Your Free Copy of Our Data Breach Lawsuit Guide.
 

For starters, PHI is more valuable to criminals on the black market than credit card credentials or other types of personally identifiable information (PII). That’s because PHI has at least 18 different information identifiers. The sheer amount of data available from a healthcare record makes it a treasure trove of information that hackers and cybercriminals can sell, or hold hostage using ransomware attacks. According to the Center for Internet Security, the average cost per stolen record for a healthcare data breach is $355, compared to $158 for a stolen non-healthcare-related record. 

In addition, the healthcare industry, like many industries, has undergone a digital transformation through the use of cloud based storage, digital devices, and the replacement of paper-based systems with electronic health records. Healthcare organizations collect sensitive information from patients and store them on network servers where it is accessible all the time, not only to health experts, but to criminals. Healthcare systems are also complex environments where a large number of computers, devices, and equipment must be secured, and data may be stored on less secure networks, says Security Intelligence. 

COVID-19 coincided with a sharp uptick in data breaches across industries. The pandemic increased our reliance on online infrastructure and, as a result, made us more vulnerable to cyberattacks. With greater utilization of telehealth, more people working from home, and more services coming online, basic hospital infrastructure like pneumatic tube systems can become a cyberattack vector. 

Your stolen healthcare record is worth hundreds of dollars on the black market, but that amount vastly undervalues the real cost of a data breach to you. 

Among other things, criminals can use stolen healthcare data to target you with fraud and scams, create fake insurance claims, illegally gain access to prescriptions for personal use or resale, use your data to open credit accounts, access your banking, and even blackmail you with sensitive medical details. Security research firm Ponemon Institute found that medical identity theft victims spend an average of $13,500 to resolve the fraud, which can include paying off fraudulent medical bills, restoring their credit, and correcting health record inaccuracies. 

It isn’t your fault that your data was stolen, so why should you have to pay to set things right? Even if you’re offered free credit monitoring services, that isn’t likely to go far enough. You may be entitled to much more money for your troubles. A lawyer can help you recover compensation for your financial losses, time spent dealing with the data breach, and other damages. 

Morgan & Morgan’s data privacy lawyers have successfully handled many high-profile data breach cases, including claims against Yahoo, Capital One, Equifax, and MGM Grand. If you were the victim of a data breach, don’t waste any time taking action. Contact Morgan & Morgan right away to talk to a lawyer.