More than 70 percent of hospital breaches create potential for identity theft or fraud

por John R. Fischer, Senior Reporter | September 26, 2019
Cyber Security Health IT
More than 70 percent of hospital breaches
include sensitive demographic or financial information
More than 70 percent of hospital data breaches place sensitive demographic or financial information at risk of being used to commit identity theft or fraud, according to a new research report.

Researchers at Michigan State University and Johns Hopkins University made the discovery while sifting through 1,461 breaches of protected health information from over the past decade to identify for the first time which information was compromised in these records.

“One implication of our study is that if healthcare providers have limited resources, maybe they should put more emphasis on safeguarding patients’ sensitive demographic and financial information such as SSN, driver's license, birth date, and credit card numbers,” John (Xuefeng) Jiang, professor and Plante Moran Faculty Fellow at Michigan State, told HCB News.
DOTmed text ad

Reveal Mobi Pro now available for sale in the US

Reveal Mobi Pro integrates the Reveal 35C detector with SpectralDR technology into a modern mobile X-ray solution. Mobi Pro allows for simultaneous acquisition of conventional & dual-energy images with a single exposure. Contact us for a demo at no cost.

Demographic information consisted of names, email addresses, and other personal forms of identification, while service or financial data included service dates, billing amounts, and payment information. Medical information, such as diagnoses or treatments, was also among the data examined.

Of the breaches assessed, 71 percent contained sensitive demographic or financial information that could be used in identity theft or financial fraud to exploit 159 million patients. Two percent consisted of sensitive medical information for 2.4 million patients, potentially threatening their medical privacy.

The findings should encourage healthcare policymakers to require standardizing documentation of the types of information compromised, according to Jiang, who adds that healthcare providers can take a number of steps to prevent such breaches from occurring in the first place.

"To reduce storage risk, healthcare providers could transition from paper to digital medical records, safe storage; move to non-mobile policies for patient-protected information; and implement encryption, firewall protection and cloud-based data storage,” he said. “The protocols to mitigate breach risk related to PHI communication include: mandatory verification of the recipient and the information exposed through envelope windows; mandatory verification of the recipient, the copy protocol (bcc versus cc); and the encryption of content (through email)."

The findings were published in the journal, Annals of Internal Medicine..

You Must Be Logged In To Post A Comment