Medical Identity Theft
According to an Accenture survey, 36% of respondents reported that the breaches happened in hospitals. An NCBI survey concluded that the size and status of the institution is positively associated with the risk of data breaches. Below is an overview of our findings.
According to a study by Accenture, about 26% of U.S. consumers have had their personal medical data stolen from healthcare systems, 50% of whom became victims of identity theft. Those who experienced breaches were forced to pay about $2,500 out-of-pocket, on average. Most fraudsters used the stolen identities to purchase medical items, pay for care, or filling prescriptions.
According to the Accenture survey of about 2,000 U.S.-based consumers, 36% of respondents reported that the breaches happened in hospitals, 22% in urgent-care clinics (free-standing ERs), 22% in pharmacies, 21% in physicians' offices, and 21% in health insurers officers. Therefore, hospitals have the highest prevalence of medical identity theft followed by free-standing ERs, pharmacies, physicians' offices, and health insurers officers.
In 2017, the NCBI performed an analysis to determine the type of hospitals that face a higher risk of data breaches using historical information on medical data breaches that took place between 2009 and 2016. The NCBI's analysis found that the breached hospitals had a median number of 262 hospital beds. Notably, the hospitals that had reported a breach had between 137 and 461 beds. In contrast, the surveyed hospitals that were never breached had a median number of 134 (64-254) beds. Based on this survey, hospitals with a higher number of beds have a higher identity theft prevalence than those with fewer beds.
The Accenture report listed free-standing ERs as the second most vulnerable location. While there was no report or surveys on the type of free-standing ERs that face a higher risk of data breaches, the NCBI survey concluded that the size and status of the institution is positively associated with the risk of data breaches. To determine whether this logic applies to urgent-care centers, recently-breached facilities were examined. The research team discovered that free-standing ERs are ranked according to the number of patients served and not the number of beds. The free-standing ER centers that were recently breached had records for between 13,000 and 200,000 patients. These figures are similar to the statistics for the number of victims of hospital data breaches for the breached hospitals from the NCBI survey. Therefore, we can conclude that its true that the size and status of the free-standing ER institution is positively associated with the risk of data breaches.