Three New Medical Data Breaches

Stolen medical records are the holy grail of identity theft crimes, and hackers can make serious money selling patient records online.

This is largely due to the high-volume of information that your medical record might contain. Your name, birthdate, and address are in there, but your Social Security number and health insurance account numbers may also be listed. Depending on where you live and what type of facility you’ve used, there may even be scanned copies of your driver’s license, from your previous payments, and more.

Three recently reported medical data breaches have resulted in nearly 250,000 medical records being compromised, records that are known to contain the protected health information (PHI) for the patients in question. One of the incidents involved a laptop that contained unencrypted patient files stolen from a locked vehicle while another involved ransomware downloaded to a facility’s servers. The third breach involved unauthorized access to the facility’s network, although no other details have been given as to whether it was an “inside job” or the work of hackers.

There are some important and upsetting takeaways in each of these three unrelated events. First, it shines a brilliant light on the fact that new tactics may have come along, but the old methods of exposing confidential records are still a threat. After all, it’s 2017…why are unencrypted laptops filled with confidential information even still in use? More importantly, there was a significant delay of more than a year in the time it took one of the facility’s to notify the victims following the discovery of the breach. Again, why? Data breaches and hacking events are not new, and if anything, recent innovation and awareness have only shortened the time it takes to notify victims.

All three of these breaches must serve as a warning to the public not to let their guards down when it comes to their personal security and privacy. Individuals have to ask important questions about where their data will end up, how it will be secured, and what steps will be taken in the event that it is compromised. At the same time, the public also has to take ownership for monitoring their credit and the use of their identifying information, as the various entities that already gathered that data are under constant threat of a breach.