

"blogger, InfoSec specialist, super hero ... and all round good guy" 



The Ongoing Threat of Health Care Data Breaches

Health care data breaches are on the rise. In 2018, there were numerous high-profile breaches and a much larger number of smaller ones.

In November, personal information of more than 2 million patients of Charlotte, North Carolina-based Atrium Health was compromised, including billing information, Social Security numbers, addresses and dates of birth. The hack affected an Atrium billing vendor, AccuDoc.

In July, UnityPoint Health of West Des Moines, Iowa, alerted 1.4 million patients that personal information might have been compromised. A hacker, the company said, used phishing tactics to gain access to its email system and may have accessed health and financial data.

In 2015, an unprecedented data breach exposed the personal information of 79 million people. Anthem Inc., the largest health insurance company in the U.S., settled litigation over the hacking for $115 million.

In 2017, over 477 health care breaches were reported to the U.S. Department of Health and Human Services (HHS), affecting more than 5.6 million patient records. As of the end of August of this year, the number of breaches was 229, but they affected 6.1 million people.

Potential Impacts of Data Breaches

The impacts of data breaches on patients can be severe. Stolen information can be used to assume a medical identity, which a thief can use to get care and prescription drugs and to file insurance claims. A stolen medical identity is harder to detect than a financial one. It is also costly and time-consuming to fix. A medical record that contains incorrect information due to a stolen identity could result in mistakes being made in care.

Hackers could also potentially use stolen medical information to blackmail or harass someone. Health care organizations also have financial information for their patients that a breach could leave compromised.

Data breaches are also exceptionally costly for the organizations that experience them. After a cybersecurity incident is discovered, a company needs to alert the victims of the incident and fix the gap in security, both of which can be expensive. The event can also result in costly damage to reputation. After a breach, approximately 7 percent of patients will switch to a new provider. Breaches may also result in fines and lawsuits.

Combining all these factors, each record compromised in a health care data breach costs the affected organization approximately $700, or $7 million for every 10,000 records, according to a recent analysis.

How to Protect Against Data Breaches

All health care organizations need to take steps to prevent and prepare for data breaches. The frequency of these incidents is rising, and no organization is immune. Every health care company needs to have an in-house cybersecurity team or work with outside cybersecurity professionals. Tips for preventing data breaches include:

· Keeping cybersecurity products updated: Hackers are continually coming up with new strategies for stealing personal information, so organizations need to ensure they keep their cybersecurity products and practices up to date. Today, there are numerous advanced end-point detection and response (EDR) products that go further than traditional anti-virus software. You should also invest in a high-quality email security architecture.

· Testing frequently: Hackers are always looking for vulnerabilities to exploit in your system, so you need to run frequent penetration and vulnerability tests to ensure you find those issues before they do.

· Providing training: Training all employees that may come into contact with sensitive data in cybersecurity best practices can help prevent a large number of attacks. Data management training can help them ensure they don't accidentally expose personal data. Train staff in other types of attacks, too. Training employees on how to detect fraudulent emails, for example, can help prevent phishing scams.

The risk of health care data breaches is not going away anytime soon. Every organization in the health care sector that handles sensitive data needs to take steps to avoid becoming the victim of the next incident.

Written by:

Kayla Matthews

tech journalist & writer

