Technology has left an indelible imprint on health care delivery, improving the accuracy and accessibility of patient information, but what about the risks? Consider the following scenarios:

  • A hospital nurse lost an iPad containing the names, social security numbers, medical conditions and other protected health information for 25,000 patients vaccinated against the flu.
  • A physician group gave its billing company the names and health care spending account numbers of 450 patients. The billing company accidentally posted these files on its public website, where they remained until a patient saw the information. 
  • A physician office's server, which contained unencrypted information on 2,500 patients, was hacked and encrypted. The hackers demanded $50,000 to unencrypt the information and return control of the server.

Stories like these are a reminder that not all data breaches are created equal. Health care organizations have access to sensitive data regarding not only patients' finances, but on their health as well. Unfortunately, while health care data breaches are more personal in nature, they're also more common than most people think.

The numbers paint a startling picture:

  • Medical identity theft is more lucrative than credit card theft. According to PhishLabs, a provider of cybercrime protection and intelligence services, stolen health credentials are worth about 10 to 20 times that of a U.S. credit card number.
  • Forty-three percent of all identity theft is caused by medical records theft,according to a credit.com article, "Nearly Half of Identity Thefts Involve Medical Data."
  • The cost of a health care data breach averages $316 per record, well above the $201 per record for all industry segments combined, according to the Ponemon Institute's "2014 Cost of Data Breach Study."

For patients whose medical identity is stolen, the costs range far beyond the challenge of repairing medical records. Patients' credit ratings can be damaged. Their health insurance policies could potentially be cancelled or their premiums increased. Worse yet, if the person who stole the medical identity changes the existing medical information, an individual's health could be at risk.

For health care organizations responsible for safeguarding protected health information, the costs of addressing a breach range from notification and crisis management costs to potential legal action.

Recommended For You

Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader

Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
NOT FOR REPRINT

© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.