9 Surprising Facts About Medical Identity Theft and Healthcare Security

Don’t let anyone take advantage of your health!

No one wants to think about their personal identity being stolen – it’s a hassle and a headache. But have you ever considered the possibility of someone stealing your medical identity? Security experts claim that the healthcare industry is being targeted by cyber criminals more heavily than ever before. Think about what kind of information is available to a criminal from your medical files – scary, right? And unfortunately, the information is often too accessible and is easily stolen.

Before you can start protecting yourself from this type of theft, you need to know the facts. Here are 9 facts that may surprise you.

  1. The numbers are disturbing. In 2016, the healthcare industry alone accounted for almost 35% of major data breaches reported, according to the Identity Theft Resource Center – a percentage that continues to grow each year.  
  2. It’s worth more. According to this Reuters story, a piece of medical information costs up to 10 times more than credit card information on the black market. Medical statistics including insurance and billing information sell for up to $10 each, where credit card numbers may go for $5 each in the US.
  3. The cost is high. Ponemon’s 2016 Cost of Data Breach Study shows that the average total cost of a data breach for the companies participating in the research increased from $3.79 million to $4 million, with healthcare having the highest per capita cost of all areas surveyed. The cost for healthcare organizations was $355 per data breach, compared to the overall average cost of $158.
  4. Cyber attacks keep growing. New research shows that there were almost 100 major cyber attacks made against the healthcare industry in 2016 – an incredible increase from 57 attacks in 2015.
  5. There are some surprising sources. Because of the healthcare debacle in the US, people are allowing their family members and friends to use their personal identification to receive medical treatment, including obtaining healthcare products or pharmaceuticals. According to HIPAA, this is not only is this illegal, but it can create inaccuracies in medical records, which can ultimately cause treatment mistakes in the future.
  6. Most equipment needs an upgrade. Many healthcare organizations have computer systems that desperately need to be upgraded. At the very least, the FCC recommends having the latest security software, web browser and operating system for each PC, including antivirus software, firewall security, secured Wi-Fi networks, unique passwords, and multi-factor authentication.
  7. Wearable devices can be hacked. Researchers have proved that the devices we’re wearing on our bodies pose security risks, and with the right code and enough determination, can be hacked. Devices that measure heart rate, calories expended and steps taken, for example, also increase the amount of Personal Health Information (PHI) available to thieves.
  8. Non-compliance costs keep rising. Fines for HIPAA violations can range from $100 to $1.5 million, not to mention the other possible consequences for more serious grievances (i.e. jail time). Because of the rising costs, and sometimes adding to them, there are random audits throughout each year to assess compliance with the privacy, security and breach notification laws/rules.
  9. Conversion adds more risk. While conversion from paper medical records to digital is necessary in most cases, it opens the door for cyber criminals to increase their attacks via hacking, which causes even more data breaches.

So what are you doing about Identity Theft?

So now that you know the risks, what can help? From a business standpoint, take the time to create and implement a total security culture within your company. This should include, at the very least, creating an information security policy, conducting regular employee training, maintaining controlled access to confidential information, and having a policy for secure document management. Also, take the necessary steps to protect yourself – don’t allow medical identity theft affect your life!