At first, it was only our money they were after. But now identity thieves want it all, and they don’t care how much it costs us — even if it jeopardizes our health. In 2017, data breaches and security incidents hit businesses hard, but big banks weren’t the most impacted — it was healthcare providers, their employees, and even their patients.

But before we delve into why this is the case and what we can do about it, let’s take a closer look at this disturbing trend. 

An industry under attack

Verizon Enterprise has officially released the 2018 edition of its annual Data Breach Investigations Report, and the results are staggering — especially for the healthcare industry. While the number of data breaches in industries like manufacturing, information, and financial services has declined sharply in recent years, it has skyrocketed in healthcare. 

In 2016, medical records were compromised at a rate nine times greater than financial records. And in 2017, around 25 percent of the 2,200-plus data breaches Verizon Enterprise analyzed occurred in the healthcare industry. In addition to these 530 data breaches — the most of any recorded industry — healthcare organizations also experienced 750 security incidents.

Why healthcare is such a target

While these numbers certainly appear shocking, the overall trend isn’t entirely unexpected. After all, medical records can fetch a much higher price on the dark web than other personal data — by as much as 20 to 50 times.

With these compromised credentials, identity thieves can use a victim’s data to acquire medical treatment, receive elective surgery, and even fill prescriptions. Additionally, the thief’s medical history can become intertwined with the victim’s electronic health records.

According to Ann Patterson, senior vice president of the Medical Identity Fraud Alliance, this can result in significant problems for the victim:

“About 20 percent of victims told us that they got the wrong diagnosis or treatment, or that their care was delayed because there was confusion about what was true in their records due to the identity theft.” 

In total, medical identity theft has an annual economic impact of around $41 billion a year. 

It’s not all bad actors 

Not every breach was due to a cybercriminal or outside party. In fact, healthcare is the only industry where insiders pose a greater threat than external ones — internal employees caused 56 percent of the breaches, while external actors caused only 44 percent. 

While some breaches are due to employees seeking to harm their organization or to acquire financial gain, many aren’t the result of any ill will. Often, healthcare staff unintentionally reveal employee or patient data. This form of error is responsible for more than a third of all healthcare-related data breaches and security incidents. 

Protecting your patients and your employees 

The first step to protecting your patients and your employees is to educate yourself on how data breaches occur and what actions you can take to reduce risk at your healthcare organization. 

If you’d like to learn more about the threat of identity theft in the healthcare industry, you can download our guide, How Identity Theft and Data Breaches Impact the Healthcare Industry. In addition to containing content specifically curated for healthcare organizations, this quick read also includes solutions to help businesses like yours protect your most vital asset — your employees.