Hackers, phishers, and disappearing thumb drives: Lessons learned from major health care data breaches

Health care services are complex and require many different entities to have access to patients’ medical data. Consider a simple office visit: in addition to the physician who sees the patient, it may involve an independent entity that facilitates the scheduling of the visit, an electronic medical records (EMR) vendor that provides software and cloud storage for saving the doctor’s notes, an health information exchange (HIE) platform that shares this data with other physicians, another party that creates the bill, the insurance company that pays for it, and sometimes a collecting agency that manages the patient’s late payments. 

As the complexity of health care services increases, the number of involved entities and the subsequent risk of privacy breaches also increase. Twenty three percent of all data breaches happen in the health care industry . Over the last six years, medical data of more than 155 million Americans have been potentially exposed through nearly 1,500 breach incidents. The per-record cost of health care data breaches is $363, the highest of all industries.

Download the Report