2.32 million Americans have been victims of medical identity theft, a new study by the Medical Identity Theft Alliance has found.
Nearly 500,000 of these victims were affected in 2014 alone, an increase of nearly 22% over the previous year.
These findings are more alarming than those for financial or retail breaches because data breaches in healthcare:
- often involve more personal information, such as Social Security numbers and dates of birth, which cannot be reissued like a card number and so are more valuable to criminals;
- are more expensive for the victim – a Ponemon study suggests that 65% of medical identity theft victims had to pay an average of $13,500 to resolve the crime, compared to credit card fraud victims, whose liability is usually capped at $50;
- are less often disclosed to the victims – healthcare victims are rarely informed that their data has been breached;
- are harder to resolve – victims rarely achieve full resolution of medical identity theft.
The results do not include the recent Anthem data breach, which is thought to have affected 80 million Americans.
Why are there so many victims?
Healthcare organizations are using a growing number of mobile devices, including tablets, smartphones, and laptops, which means there is a greater risk of patient data being lost or stolen along with the device. Healthcare organizations need to ensure that the proper administrative, physical, and technical safeguards required by the HIPAA Security Rule (for example, encryption of data at rest on every portable device, so that a lost device does not become a reportable breach of unsecured data) are applied consistently across all devices, both to comply with HIPAA and to reduce the number of breaches.
Importance of protecting healthcare information
The Department of Health and Human Services (HHS) warned last year that it would pursue organizations more aggressively for Health Insurance Portability and Accountability Act (HIPAA) violations. The threat of more audits, penalties, and criminal enforcement should encourage healthcare organizations to put more effort and resources into protecting patient data.
ISO27001, the international standard for information security management, sets out a comprehensive approach to implementing and maintaining an information security management system (ISMS). Because its controls are selected from a risk assessment covering the whole organization rather than a single regulation, an ISO27001-certified ISMS can cover the information security elements of HIPAA while providing an independently auditable system designed for continual improvement.
For further reading on how ISO27001 can help you comply with HIPAA and other cybersecurity legislation in the US, download our free guide.
For advice and guidance on implementing internationally recognized cybersecurity best practices, sign up for our free webinar: