Patient Healthcare Data is in “Critical Condition”

Nurse Checking Patient Information on Tablet

If you’ve been following 2019 data breaches as closely as EZShield + IdentityForce, you would likely notice a disturbing trend. The list is riddled with hospitals, health networks, and other healthcare providers — many of whom were compromised due to employee error or a lack of basic cybersecurity protocols.

It’s not a coincidence. Patients’ Protected Health Information (PHI) is extremely valuable to hackers and cybercriminals who can use it to commit medical identity theft or sell it on the Dark Web for profits. And, according to a newly-released study conducted by the Online Trust Alliance, the healthcare industry ranks last when it comes to protecting consumer data.

According to the Identity Theft Resource Center, a total of 9,927,798 records were exposed through healthcare data breaches in 2018 — an almost 50 percent increase from 2017.

Hospitals are at Serious Risk

Being connected to the internet is vital in healthcare — from updating patient health records and capturing lab results, to operating critical equipment and monitoring prescriptions. Health organizations are being targeted with ransomware, with hackers holding digital files and system access hostage until a ransom is paid. The impact of these disruptions can have life-threatening consequences to patients as well as to the security of their health data.

In 2019, there have been several severe healthcare data breaches, including:

  • UW Medicine | 1 Million Records Exposed
    • Names, medical record numbers, and a description of individual’s information
  • UConn Health | 326,000 Records Exposed
    • Names, dates of birth, addresses, Social Security numbers, and limited medical information
  • Zoll Medical | 277,319 Records Exposed
    • Names, addresses, dates of birth, Social Security numbers and medical information
  • Health Alliance Plan | 120,000 Records Exposed
    • Names, addresses, dates of birth, member ID numbers, healthcare provider names, patient ID numbers, and claim information

In April of 2019, announced that consumers can use their digital assistant, Alexa, to engage in tasks like ordering prescriptions, sharing personal health information, and scheduling medical appointments. Not long after this was announced, news broke that employees of are listening in to your conversations with Alexa and sharing that information internally as part of their “quality of response” analysis. The injection of artificial intelligence into our medical health cadence may fuel new vulnerabilities, not to mention violate the Health Insurance Portability and Accountability Act (HIPAA).

The Threat of Medical Identity Theft

Data breaches within hospitals and health insurance companies are leading to issues in patient care while also putting patients at risk of identity theft. Medical identity theft occurs when a criminal uses your Personally Identifiable Information (PII) along with your healthcare information to extract medical care at your expense.

Keep an eye open for the red flags of medical ID theft, such as receiving a bill for medical services you did not receive, or getting a letter from your health insurance provider claiming you have reached your benefits limit. Save yourself the headache and be proactive about protecting yourself and your family from identity theft.

Tips to Protect Your Medical Identity

  1. Review your insurance benefits. Request a list of all doctor visits and benefits received under your policy for the past year from your health insurer.
  2. Monitor your credit report. If you uncover unpaid medical bills, this could be a warning sign someone has used your medical identity – this could also impact your credit status.
  3. Keep your medical records stored securely. Safeguard necessary paper copies of medical records and health insurance information by locking them in a file cabinet or other secure location, and safely shredding them when no longer needed.
  4. Stay up to date with the latest breaches:

Continue following Fighting Identity Crimes to get the latest breach and scam updates, ID protection news & tips from our industry experts!

Follow us on social!
Facebook | Twitter | LinkedIn 


The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

Steve Turner, Chief Information Security Officer
Steve is the Chief Information Security Officer (CISO) at Sontiq, the parent company of the EZShield and IdentityForce...
Read more about Steve Turner.

Leave a Comment.