August ended with the report of the second highest-ever identity breach traced to a healthcare provider–4 million patient names, addresses, dates of birth, Social Security numbers and clinical information, contained on four unencrypted Advocate Health System (Illinois) office computers. It was a ‘behemoth breach’ in Healthcare IT News‘ words and has led to the filing of a class-action lawsuit (Privacy Rights Clearinghouse). Now security consultant Ponemon Institute’s latest report, released yesterday, increases the breach anxiety level with its 2013 Survey on Medical Identity Theft:
- 1.84 million people in the US are currently affected by medical identity theft–and there were 313,000 new victims in 2013, an increase of nearly 20 percent over prior year
- Victims lose more than $12 billion in out-of-pocket costs and pay, on average, $18,660 per individual
- Worse, the loss of health records led to misdiagnosis (15 percent of respondents); mistreatment (13 percent); delay in treatment (14 percent); or were prescribed the wrong pharmaceuticals (11 percent). But 50 percent of victims do nothing about it.
As we’ve mentioned before, health records are alluring because of the value of information contained (DOBs and SSIs). HealthcareITNews, iHealthBeat, Ponemon Institute/Medical Fraud Alliance 2013 Survey (free copy with information).
Previously in TTA: The exploding black market in healthcare data (ID Experts’ 10 year study and our TTA ‘Into The Breach’ Awards); Healthcare data breaches show 25% fraud risk: study