Oct. 2, 2019
Researchers from Michigan State University and Johns Hopkins University have conducted a study of health-care data breaches over the past 10 years to examine the types of information that are most commonly exposed in health-care data breaches, according to HIPAA Journal.
The study, published in the journal Annals of Internal Medicine on September 23, 2019, confirms that the health information of approximately 169 million Americans was exposed, compromised, or impermissibly disclosed in 1,461 data breaches at 1,388 entities between October 2009 and July 2019. Those breaches each impacted 500 or more individuals and were reportable incidents under HIPAA and the HITECH Act.
For the study, the researchers categorized health-care data into three main groups: Demographic information (Names, email addresses, personal identifiers etc.); service and financial information (Payments, payment dates, billing amounts etc.); and Medical information (Diagnosis, treatments, medications, etc.)
Other Articles to Explore
Social Security numbers, drivers license numbers, payment card information, bank account information, insurance information, and birth dates added to a subcategory of sensitive demographic information. This information could be used by criminals for identity theft, medical identity theft, tax and financial fraud.
A subcategory of medical information was also used for particularly sensitive health data such as substance abuse records, HIV status, sexually transmitted diseases, mental health information and cancer diagnoses, due to the potential implications for patients should that information be exposed or compromised.
Key findings of the study include:
• 71 percent of breaches involved either sensitive demographic information or sensitive financial information, which placed 159 million individuals at risk of identity theft or financial fraud.
• 66 percent of breaches involved sensitive demographic information such as Social Security numbers.
• 65 percent of the breaches exposed general medical or clinical information.
• 35 percent of breaches compromised service or financial information.
• 16 percent of breaches only exposed medical or clinical information without exposing sensitive demographic or financial information.
• 76 percent of breaches included sensitive service and financial information such as credit card numbers – Those breaches affected 49 million individuals.
• 2 percent of breaches compromised sensitive health information – Those breaches affected 2.4 million individuals.