Data breaches affecting major retailers or dating websites get all the headlines – especially if a few public figures get caught in the crossfire – so it’s easy to overlook the fact that medical data breaches make up a significant portion of the events. In fact, 2016 was a record-setting year for the total number of data breaches and individual records compromised: medical data breaches accounted for 36.6% of the events according to the Identity Theft Resource Center.
“It’s unsettling that 42.5% of survey respondents only a few years ago did not even know what medical identity theft is, and yet 36.6% of this year’s data breach activity involved medical records. More than 15 million patient records were compromised in medical data breaches this year, leaving many to wonder what can happen with that level of information. In 2015, more than 110 million records were compromised in the healthcare/medical industry.”
Other types of data breaches can yield the hackers financial information, or even proof to use for extortion. What would prompt them to break into a hospital network, other than to find out when your last ingrown toenail was treated? There are two major outcomes, both of which can prove very profitable.
The first is the growing incidences of ransomware attacks against medical facilities. As the rash of attacks in 2016 alone proved, hospitals are all too willing to pay up in order to regain control over their networks and patient records. Between the massive fines for violating patient privacy and the lawsuits resulting from lack of treatment due to a dead-in-the-water network, too many facilities have demonstrated that they’ll pay the ransom in order to get back to business as usual.
The other factor, at least for patient records in the US, is that they tend to contain all the pieces of the individuals’ identity puzzle. Names, birth dates, Social Security numbers, health insurance numbers… all of it is stored in the file. One successful breach of a hospital network can yield hundreds, if not thousands, of complete identities. Even better, these identities are permanent, as opposed to credit card breaches that will only prove profitable until the financial institutions cancel those card numbers.
The center’s findings continue, “11.8% of the 2016 medical breaches exposed patient Social Security numbers, and records stolen in medical data breaches ranked the highest in the ITRC’s findings for ‘data on the move,’ meaning information which was somehow lost or stolen while in transit from one location to another.”
Keep your system secure. Download the latest security software now.