The year 2017 was dubbed “The Year of the Data Breach” by the Bloomberg company, and for good reason. Of the 1,253 publicly reported data breaches that made 2017 the most data breach-prone year on record yet, nearly 40 percent were healthcare-related.

Last year, 477 healthcare breaches were reported to the U.S. Department of Health and Human Services (HHS) or the media, a slight increase from the previous year’s 450, according to the Protenus Breach Barometer, which tracks disclosed breaches that impact the healthcare industry. Information available for 407 of those incidents, shows that a total of at least 5.579 million patient records were affected over the course of the year. Although there were more breaches overall in 2017, the number of patient records that were compromised was significantly lower than 2016’s overwhelming 27.3 million records, showing that the scale of each breach was much smaller.

The Severe Consequences of Healthcare Breaches

Health information breaches can have serious consequences for both healthcare providers and their patients. Not only does patient information include a variety of personal identifying information (PII) that cyber criminals can use for identity theft such as name and address, date of birth, Social Security number, driver’s license number and insurance and financial account information, it also includes extremely private and personal information related to a patient’s physical condition, medical ailments, disabilities, smoking status, sexual behavior, drug or alcohol use, mental health concerns and more.

In addition to the financial implications of a data breach, there are other less-often talked about ramifications such as damage to the reputations of both the provider and the patients. In the highly-publicized data breach of insurance giant Aetna in 2017, improper disclosure revealed the HIV status of over 11,000 individuals. Aetna agreed to a settlement of $17 million, but for the patients whose HIV status had suddenly been exposed, the damage had already been done.

Risk management is important for every organization, and possibly more so for those in the healthcare realm. Any healthcare provider that utilizes a computer network, holds, transacts, processes and/or stores information or contracts with a vendor to do so on their behalf is at risk for a security/privacy exposure. Events such as the Aetna data breach make one thing clear: every business needs to be aware of risks like these, as well as devote additional attention toward mitigating IT risks and working with an agent who is an expert in the healthcare facilities insurance market.

 

About Highland Risk Services

At Highland Risk, we use our expertise and experience to provide insurance information and programs to those who serve long-term care and senior living facilities. Since 2007, we’ve been offering insurance and risk management plans designed to help our agents give their clients the ability to achieve continued growth while simultaneously protecting against loss, containing costs and increasing profitability. With offices to serve you in Chicago, Illinois and Phoenix, Arizona, we do everything we can to make your experience with us as professional and transparent as possible. To learn more, contact us at (847) 832-9100.