The 7 Biggest Health Data Breaches in the US

We live in an age where personal data is everywhere, ripe for the taking. Your health information could be the next target for hackers. 

“There is nothing you can do to prevent your identity … private, personal information … from being stolen or misused by an identity thief,” said Paul Ferron, who heads business development for Ascente, a Denver-based company that runs the LibertyID identity theft and restoration service. “Unfortunately, our healthcare system lacks the control and governance to provide any security.”

Related News: How Online Reviews are Changing the Healthcare Game »

Ferron noted that about 50 percent of all identity theft involves medical data, not financial data. The Identity Theft Resource Center reports that the healthcare industry experienced more data breaches last year than ever before.

The cost of medical care as well as the ‘street value’ of prescription drugs (such as oxycodone and other opioids) has increased the value of medical information.
Paul Ferron, Ascente

Health data breaches made up 44 percent of all breaches, to be exact, and surpassed all other types of identity theft.

Identity thieves use health data to file false tax returns or open lines of credit, but also to claim medical benefits and services, such as prescription drug coverage, in someone else's name.

“The cost of medical care as well as the ‘street value’ of prescription drugs (such as oxycodone and other opioids) has increased the value of medical information,” Ferron explained. He said that in some cases, identity thieves can change information in medical records, which can have grave consequences for patients.

Read More: States with Legal Marijuana See 25 Percent Fewer Prescription Painkiller Deaths »

Think it can’t happen to you? Take a look at the seven largest U.S. health data breaches reported to the federal government thus far:

1. Information on 4.9 million Tricare Management Activity beneficiaries was stolen from a Science Applications International Corporation employee’s car in 2011.

2. This year, Complete Health Systems, based in Tennessee, reported that a network server was hacked and personal information was stolen, affecting 4.5 million people around the country.

3. Illinois-based Advocate Health and Hospitals Corporation reported the theft of company computers, which impacted almost 4.03 million individuals in 2013.

4. Health Net in California had a data breach in 2011 that affected 1.9 million people. In that case, IBM alerted Health Net that several unencrypted server hard drives were missing from a California-based data center.

5. Between 2013 and 2014, the Montana Department of Public Health and Human Services reported a breach that affected more than 1.06 million people. A network server was hacked and patient data stolen.

6. In 2011, the Nemours Foundation reported it had lost three data tapes containing 10 years' worth of information on 1.05 million patients. The tapes, and the cabinet they were in, went missing from a Delaware facility; the company said it may have happened during a remodeling project.

7. In 2009, Blue Cross Blue Shield of Tennessee reported a breach when hard drives were stolen containing information on more than 1.02 million patients.

According to a recent Reuters report, medical information is worth about 10 times more than credit card numbers on the black market. Last month, the Federal Bureau of Investigations (FBI) put out an alert to healthcare organizations to be on the lookout for data hackers.

The FBI said it had observed “malicious actors targeting healthcare-related systems, perhaps for the purpose of obtaining Protected Healthcare Information ... and/or Personally Identifiable Information."

Related News: New Database Project Will Make MS Research Available to All »