First Do No Harm: Patients Threatened By Data Breaches

Those in the healthcare industry understand the importance of HIPAA compliance as a way of avoiding fines and negative press. What they may not know is how damaging breaches can be for the patients who become victims of medical identity theft (MIT).

Healthcare data draws a much higher price than financial data on the black market, where a single health insurance record can sell for as much as $70. High profit margins have led to significant growth in the number of hacking attempts at healthcare companies, with 91% of healthcare organizations experiencing a breach between 2013 and 2015.

Hackers can charge exorbitant prices for the stolen data by selling it to other criminals, who use it to steal thousands of dollars by posing as patients to obtain treatment and prescriptions. Some criminals use the data to open fake clinics, billing insurance carriers for false claims under the stolen medical identities. All of this is bad news for healthcare organizations and business associates, but it’s worse for individual victims, who may spend years trying to prove they never received any of the treatments and are not responsible for the bills.

The negative impact of medical identity theft for patients goes beyond huge medical bills. In the pursuit of a big payoff, identity thieves can wreak havoc on a person’s medical records. Medical histories, allergies, and diagnostic information become unreliable and potentially dangerous as the criminal misrepresents himself as the patient. This can lead to life-threatening errors for patients.

Prevention Is The Best Cure

HIPAA compliance is the first line of defense, but a comprehensive information security program that fosters a culture of security is essential. For healthcare providers breaking new ground with digitized records, this means helping employees understand the real-world consequences of violating security rules: they could put patient lives at risk if those patients become victims of MIT. Businesses that offer services to healthcare providers may have more experience with information security in general, but it’s useful to re-educate employees about the dire consequences of exposing medical records.