A recent report by The Journal of the American Medical Association (JAMA) reveals that criminal theft, malicious hacking and data breaches involving private healthcare and medical information has increased substantially during the past few years. According to the JAMA study, almost 30 million health records nationwide were involved in hacking incidents and data breaches over the past four years. This trend is continuing. Hackings doubled during the study, from almost 5 percent of incidents in 2010 to almost 9 percent in 2013.
With respect to cyber breaches involving healthcare information, the compromised information typically includes patients' names, home addresses, ages, illnesses, test results, and Social Security numbers. In addition to the usual concern that cyber criminals will use or sell compromised private information for monetary gain utilizing identity theft and credit card fraud, experts believe that hackers who obtain private healthcare information also utilize the information to fraudulently obtain medical and insurance services.
The researchers who compiled and authored the JAMA study also noted that they believe that the recent rise of data breach incidents are leading some patients to avoid giving doctors sensitive information about their health, including substance abuse, mental health problems, and HIV status. As the JAMA editorial pointed out, "[l]oss of trust in electronic health information systems could seriously undermine efforts to improve health and health care in the United States."
Analysts contributing to the JAMA report also reviewed online databases regulated by the U.S. Department of Health and Human Services that contain mandated reports of breaches in health information protected by federal privacy law. Over four years, 949 data breaches were reported across the country. The numbers climbed annually, from 214 in 2010 to 265 in 2013. Nearly 60 percent of these breaches involved some kind of criminal theft.
Large scale breaches in the healthcare community have also seen their fair share of high profile incidents. In addition to the mass data breach last year at Anthem, Premera Blue Cross recently reported in March of 2015 that it was a victim of a cyberattack that may have exposed medical data and financial information of 11 million customers. Premera believes hackers gained access to claims data, including clinical information, along with banking account numbers, Social Security numbers, birth dates and other data in an attack that began in May 2014. Preliminary investigations indicate that the Premera breach is the largest breach reported to date involving patient medical information. About 6 million of the patients whose accounts were hacked are residents of Washington state, where Premera customers include Amazon.com, Microsoft and Starbucks. The rest of the patients are scattered across the United States.
Patients should be particularly alert to cyber threats, including "phishing" emails from hackers posing as doctors or healthcare professionals that use fraudulent hyperlinks to launch harmful malware when clicked. When in doubt, always call the healthcare provider to confirm the legitimacy of email or electronic communications. While cyberattacks are on the rise across all business sectors, everyone should be aware that this rise in data breaches also includes the theft of private medical information held by healthcare providers and insurers.