Almost 45 percent of Americans have had their sensitive health information compromised via a cyberattack, according to a white paper from iSheriff, a provider of cloud-based enterprise device security.

The New Healthcare Crisis: Cybercrime, Data Breaches and the Risks to Patient Records highlights the largest breaches and points out that the five-year total is more than 143 million compromised patient records which is more than one-third of the 319 million Americans. 

"When more than forty percent of the U.S. population has been a victim of a data security breach, we must recognize this as an epidemic that can and will hit any healthcare provider," said Paul Lipman, iSheriff CEO. "These breaches not only cost time and money, they risk compromised medical records that could impact health diagnoses and outcomes. Cybercrime is the new healthcare crisis."

iSheriff's analysis relies on publicly available information and may even understate the severity of the problem, according to a release. Many organizations may not even realize they have been breached until months later. 

Medical identity theft not only results in financial damage, but can impact health outcomes. If a stolen medical identity is used to receive care, the new data could alter or become integrated into the existing records and result in inaccurate diagnoses. Even after an error has been identified, medical privacy laws make it difficult to disentangle the fraudulent medical details from the legitimate information.

The iSheriff white paper highlights several factors responsible for the rise in healthcare breaches: the threat environment is changing rapidly; point products create gaps in security posture; roaming users make the network porous; and healthcare providers face significant resource constraints. In addition, new healthcare IT initiatives promising to enhance the quality of care can increase information security risks—such as networked patient record keeping devices, internet-connected fetal monitors, electrocardiograms and temperature sensors.

"Any healthcare organization collecting and storing patient data is vulnerable," said Oscar Marquez, iSheriff's COO. "The targets span the smallest physician practices, clinics and labs to regional hospitals, HMOs and PPOS and the largest national providers."