A recent survey by The Identity Theft Resource Center (ITRC) reported that medical identity theft accounted for 43.8 percent of all identity thefts reported in the US last year.  The medical/healthcare segment accounted for the largest number of breaches, with other segments including business (34.4% of breaches), government/military (9.1%), educational (9.0%), and banking/credit/financial (3.7%). The ITRC further reported that this is the first time since 2005 that the medical/healthcare sector accounted for more breaches than the business sector.

We already know that healthcare is lagging behind these other industries in terms of the technology used to prevent and protect against criminal attacks on their networks and sensitive information. Recently the FBI issued a notice to the healthcare sector warning them of an increase in cyber-attacks on devices, which are increasingly being connected to networks, and other systems.

We also know that medical information is highly desirable to identity thieves because it commands a higher price on the black market. The ITRC, a non-profit organization established to help victims of identity theft and broaden public awareness and understanding of identity theft, cites the two top types of medical identity theft as: (1) someone accessing your personal information and using it to have medical procedures done and (2) using that same information to apply for government benefits, such as disability or worker’s compensation. We’ve also alerted our readers to cases involving victims’ personal information being used to file fraudulent IRS tax returns.

Healthcare organizations should take heed of these survey results and other recent trends, and tighten their security procedures in order to fully comply with the federal laws governing the confidentiality of medical records. HHS has been preaching the importance of encryption for some time. Multiple surveys, including this recent one from The Ponemon Institute, have found that the theft of mobile devices containing protected health information of patients is the most common cause of data breaches in healthcare organizations.

Eagle Consulting Partners can perform a HIPAA Compliance Audit for your organization, which looks at both your HIPAA compliance level and your compliance with the HITECH Breach Notification regulations, and prioritizes recommendations to improve your organization’s practices. Eagle can also complete a computer security risk analysis, which is required under 45 CFR 164.308(a)(1), and assist with implementing security updates to correct the deficiencies identified.

The message is clear; thieves want this information now more than ever and protecting it must be a top priority for healthcare organizations.
