Healthcare data breaches – a haunting reality

by Hannah Trum Senior Marketing Specialist

The number of data breaches in the healthcare industry increased in 2019 for the fourth year in a row, with over 41 million patient records breached, according to the Protenus 2020 Breach Barometer report.

That is a scary and sobering statistic. How and why does this keep happening at such astronomical numbers? Are hackers and data criminals really that much savvier than the rest of us? What can healthcare professionals do to keep their patients' information safe?

An increase in hacking

Hacking accounted for 58% of all data breaches in 2019 per the Protenus report, with ransomware incidents in particular on the rise.

Hackers are getting smarter and expanding their targets beyond healthcare workers to patients themselves.

According to Protenus, it can take 224 days to detect a data breach and another 80 days for it to be reported to the US Department of Health and Human Services (HHS). That leaves many patients in the dark about potential medical-related identity theft until the damage has already been done.  

The wealth of information healthcare records hold is unmatched. Because hackers can use protected health information (PHI) to receive treatment, steal bank account information, make fake passports, and more, the risk of data breaches in the healthcare industry is only increasing.  

Human error

With phishing email attacks affecting every industry, it is no surprise that the Protenus study noted that one-third of the incidents reported in 2019 were attributed to this type of scam.

Some phishing scams are easy to notice (think sending money to a foreign prince), but others can be difficult to identify (such as a display-name-spoofing email that appears to come from your boss, because the friendly name says "your boss" while the actual sending address belongs to the attacker).
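The display-name check described above, as an added example that is not code from the original article or from Paubox: it parses a raw From: header and flags messages whose friendly name matches a known staff member, or embeds the organization's own domain, while the real address sits on some other domain. The domain and staff list are constructed placeholders.

```python
from email.utils import parseaddr

# Constructed example values: the clinic's own mail domain and a small
# directory of staff names an attacker might impersonate in a display name.
ORG_DOMAIN = "clinic.example"
KNOWN_STAFF = {"dr. alice patel", "alice patel", "bob reyes"}


def _normalize(name: str) -> str:
    """Lower-case, drop stray quotes and collapse whitespace for comparison."""
    return " ".join(name.lower().replace('"', "").split())


def check_display_name_spoof(from_header: str) -> dict:
    """Return a verdict for one raw From: header value.

    spoofed is True when the display name impersonates someone internal
    (a known staff name, or text containing "@<org domain>") but the
    address actually used for delivery is not on the organization's domain.
    """
    display, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    internal = domain == ORG_DOMAIN
    name_matches_staff = _normalize(display) in KNOWN_STAFF
    name_looks_internal = ("@" + ORG_DOMAIN) in display.lower()
    spoofed = (name_matches_staff or name_looks_internal) and not internal
    return {
        "display": display,
        "address": addr,
        "domain": domain,
        "spoofed": spoofed,
    }
```

A mail gateway would run this on inbound messages and tag or quarantine hits; the same check also exposes the common trick of putting a legitimate-looking address inside the display name itself.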

Other factors that can contribute to data breaches include third-party errors, stolen devices, and not having a disaster recovery plan.

Keeping these risk factors in mind and investing in ongoing security training are important steps toward protecting your organization from cyberthreats.

The true cost of data breaches

For covered entities, the monetary cost behind these breaches isn’t pretty. 

The cost of HIPAA-related fines, litigation, and revenue loss totals almost $6.2 billion annually. According to Protenus' Cost of a Breach report, the healthcare industry could lose up to $305 billion in patient revenue over the next 5 years!

Data breaches affect a patient’s trust in doctors

However, these breaches don’t only affect healthcare providers; they also violate patient trust.

Patient-provider relationships are one of the pillars of the healthcare industry. Patients build trust with their providers by sharing personal information about their lives. In turn, physicians build trust with patients by using that information to effectively treat them. 

A data breach violates the trust patients have in their doctors; it can cause irreparable damage to the patient-provider relationship. 

Data breaches cost patients money

Many healthcare providers don't realize that patients aren't protected from the costs that accrue after a medical data breach. With other types of identity theft, a provider (such as a credit card company) may be legally responsible for a victim's losses above a certain threshold. The same financial protections may not apply to medical-related identity theft.

In 2015, patients who were victims of medical identity theft, on average, accumulated $13,500 in out-of-pocket theft-related expenses. Theft-related expenses can include legal fees and paying fraudulent medical bills. 

With 48% of patients surveyed by the Medical Identity Fraud Alliance saying they would consider changing healthcare providers over compromised records, skimping on securing your data isn’t something any healthcare provider can afford in the age of the Internet. 

Prepare with HIPAA compliant email

The easiest solution to keeping your practice, your patients, and their information safe is to utilize a HIPAA compliant email service, like Paubox Email Suite Premium. 

Paubox Email Suite Premium encrypts all emails sent from a customer’s existing email platform (such as Google Workspace or Microsoft 365). Emails are delivered directly to a patient’s inbox, meaning your patients no longer have to log into or out of an email portal or use a password to read their messages.  

Paubox Email Suite Premium comes with email archiving and data loss prevention (DLP), a feature that prevents unauthorized employees from transmitting sensitive information either accidentally or maliciously outside of a corporate network. 

Our DLP feature includes inbound attachment scanning and the ability to scan for a variety of sensitive information like social security or credit card numbers. It also gives you the ability to create custom rules for more added security.   
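To show what the scanning described above does in practice, here is an added example of a minimal outbound-mail DLP scanner; it is not Paubox's own code. It detects US Social Security numbers by format, detects card numbers by digit-run shape plus a Luhn checksum to cut false positives, and lets a custom regex rule (a constructed "MRN-" record-number format is used below) sit alongside the built-in ones.

```python
import re
from typing import Callable, Dict, List

Rule = Callable[[str], List[str]]

# US SSN in AAA-GG-SSSS form. Area 000, 666 and 9xx, group 00 and serial 0000
# are never issued, so excluding them removes obvious false positives.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# Candidate card numbers: 13 to 19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, check mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> List[str]:
    """Return digit runs that look like card numbers AND pass the Luhn check."""
    return [m.group() for m in CARD_RE.finditer(text)
            if luhn_ok(re.sub(r"[ -]", "", m.group()))]


def regex_rule(pattern: str) -> Rule:
    """Build a custom rule from a regex, e.g. an internal record-number format."""
    compiled = re.compile(pattern)
    return lambda text: compiled.findall(text)


BUILTIN_RULES: Dict[str, Rule] = {
    "ssn": regex_rule(SSN_RE.pattern),
    "credit_card": find_card_numbers,
}


def scan_outbound(body: str, rules: Dict[str, Rule] = BUILTIN_RULES) -> Dict[str, List[str]]:
    """Run every rule over an outbound message body; any non-empty result should block the send."""
    findings: Dict[str, List[str]] = {}
    for name, rule in rules.items():
        matches = rule(body)
        if matches:
            findings[name] = matches
    return findings
```

A production DLP engine would also scan attachments and apply the same rules to text extracted from them, which this example does not attempt.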

Paubox Email Suite Premium is perfect to help your company avoid a cybersecurity disaster.

Try Paubox Email Suite Premium for FREE today.