News Feature | November 14, 2014

Why Healthcare Breaches Are Worse Than Financial Ones

By Katie Wike, contributing writer

Everyone is concerned about their credit card information being stolen, but what about healthcare information? Government Health IT explains why healthcare breaches are worse than financial breaches.

Healthcare breaches affect 1 of 10 Americans, according to HHS. That’s over 37 million U.S. residents since 2009. Stealing health information is tempting for hackers, who can get ten times the price of a credit card number for a health record.

The FBI warned providers this summer that hackers would be targeting the healthcare system, and now Government Health IT lists five reasons why healthcare breaches are far worse than financial ones.

  1. High volume of healthcare data breaches: Since September 2009, HHS has reported a total of 1,026 breaches involving records of 500 individuals or more, and there have been more than 116,000 reports of breaches involving fewer than 500 individuals.
  2. The difficulty in restoring medical identities: “Victims of healthcare data breaches have fewer resources to help them,” explains Government Health IT. “For instance, free identity monitoring, often offered when health records are breached, tends to focus on financial transactions rather than healthcare records. This simply does not benefit those with compromised medical records.”
  3. Ignorance of the deadly consequences: Private information could be made public and used inappropriately. This data could surface online anywhere, at any time, in the form of cyberbullying, blackmail or medical fraud.
  4. A lack of controls and technologies: Hospitals often spend their budgets on new technologies like scanners and lasers before they invest in security.
  5. Lack of adequate recompense to affected patrons: Government Health IT says, “Healthcare entities, regardless of size, need to perform their own ‘health check’ as to the adequacy of their privacy and security posture of handling patient data.” This health check should include: reviewing their overall risk management program to ensure the processes and systems protecting the data are robust and effective; assessing logical and physical access controls over IT systems and paper files; monitoring security controls related to mobile and bring-your-own-device policies; gauging the potential use of data loss prevention tools; and establishing an effective business associate risk management program to be sure vendors are protecting customers’ data.