HHS: Over 120 Million Affected By Breaches

By Katie Wike, contributing writer

According to the Department of Health and Human Services, 120 million people have been affected by healthcare breaches since 2009.
Since 2009, 120 million people have been affected by healthcare breaches in the US. According to a review of HHS data, more than 1,100 breaches have contributed to this total.
“That's a third of the U.S. population - this really should be a wake-up call,” said Deborah Peel, the executive director of Patient Privacy Rights, in the Washington Post’s The Switch. According to the article, HHS admits that some people who were involved in more than one breach may have been double counted. Despite this, the data suggests a “staggering” number of Americans have been affected by healthcare breaches.
“We are certainly seeing a rise in the number of individuals affected by hacking/IT incidents,” Rachel Seeger, a spokesperson for HHS's Office for Civil Rights, said in a statement. “These incidents have the potential to affect very large numbers of health care consumers, as evidenced by the recent Anthem and Premera breaches.”
“Health care organizations need to make data security central to how they manage their information systems and to be vigilant in assessing and addressing the risks to data on a regular basis,” said Seeger. “In addition, organizations need to ensure they are able to identify and respond appropriately to security incidents when they do happen to mitigate harm to affected individuals and prevent future similar incidents from occurring.”
Dave Kennedy, CEO of TrustedSec, explains that healthcare organizations are being targeted more and more often, not only because of the high value of healthcare information but also because there are often fewer security measures protecting healthcare data than in other industries.
Health IT Outcomes reported previously that healthcare data sells for up to ten times the price of credit card data on the black market. The FBI warned that hackers are targeting healthcare because medical records don’t contain just one piece of information, but rather billing information, birth dates, diagnosis codes, and policy numbers.
“The information that companies like Anthem and Premera had is more valuable than just payment card information held by retailers or financial institutions,” said Scott Vernick, who heads up the data security and privacy practice at law firm Fox Rothschild.