Report: 45% of Americans have had records compromised

Almost 45 percent of Americans have had their sensitive health information compromised via a cyberattack, according to a white paper from iSheriff, a provider of cloud-based enterprise device security.

The New Healthcare Crisis: Cybercrime, Data Breaches and the Risks to Patient Records highlights the largest breaches and points out that the five-year total is more than 143 million compromised patient records which is more than one-third of the 319 million Americans. 

"When more than forty percent of the U.S. population has been a victim of a data security breach, we must recognize this as an epidemic that can and will hit any healthcare provider," said Paul Lipman, iSheriff CEO. "These breaches not only cost time and money, they risk compromised medical records that could impact health diagnoses and outcomes. Cybercrime is the new healthcare crisis."

iSheriff's analysis relies on publicly available information and may even understate the severity of the problem, according to a release. Many organizations may not even realize they have been breached until months later. 

Medical identity theft not only results in financial damage, but can impact health outcomes. If a stolen medical identity is used to receive care, the new data could alter or become integrated into the existing records and result in inaccurate diagnoses. Even after an error has been identified, medical privacy laws make it difficult to disentangle the fraudulent medical details from the legitimate information.

The iSheriff white paper highlights several factors responsible for the rise in healthcare breaches: the threat environment is changing rapidly; point products create gaps in security posture; roaming users make the network porous; and healthcare providers face significant resource constraints. In addition, new healthcare IT initiatives promising to enhance the quality of care can increase information security risks—such as networked patient record keeping devices, internet-connected fetal monitors, electrocardiograms and temperature sensors.

"Any healthcare organization collecting and storing patient data is vulnerable," said Oscar Marquez, iSheriff's COO. "The targets span the smallest physician practices, clinics and labs to regional hospitals, HMOs and PPOS and the largest national providers."

Beth Walsh,

Editor

Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.