Q: What percentage of healthcare practitioners who manage protected
health information (PHI) have experienced at least one medical data breach?
A: 80%, according to a Ponemon Institute Study [6]
Make sure you have an effective medical data breach response plan in place that
helps you comply with industry regulations, including customer notification requirements.
Are you in the Healthcare industry? Learn how to respond in the first 72 hours
of a data breach incident and how best to address the needs of your business as well
as the needs of your clients, employees and customers.
Healthcare Data Breaches and Medical Identity Theft
Managing the Rising Risks of a Healthcare Data Breach
The healthcare industry is rapidly adopting health information technology (HIT),
sometimes so rapidly that security measures lag behind, leaving healthcare entities
open to dangerous data breaches.
In the first three years of the Health Information Technology for Economic and
Clinical Health (HITECH) Act of 2009, about 260 data breaches affected more than 10
million patients, according to the U.S. Department of Health and Human Services.
The costs of a healthcare breach for both businesses and affected patients are
HITECH carries violation fines of up to $1.5 million
Data breaches cost the healthcare industry $6 billion per year [1]
Healthcare firms spend about $1 million per year, per firm, on data breaches [3]
Healthcare Data Privacy
The healthcare industry is a particularly attractive data breach target. Healthcare
records have it all: names, Social Security numbers, birth dates, payment information,
insurance identification numbers, protected health information (PHI) and more.
Healthcare entities manage large amounts of both PHI and personally identifying
information (PII). So it’s little wonder that data breach prevention is the leading concern among healthcare
IT decision makers [4].
The counterbalance to data breach prevention is breach preparedness. That is, being
ready to meet notification requirements and industry regulations if a data breach
occurs. A data breach response plan can help entities avoid both fines and customer
Medical Identity Theft Puts Patients at Risk
When a healthcare data breach exposes someone’s PHI and/or PII, the risk
of identity theft and medical identity theft rises.
On average, medical identity theft can add up to $20,000 in out-of-pocket expenses
for a single victim [5]
Consequences of medical identity theft include becoming uninsured for both life
and health insurance
Victims of medical identity theft may receive the wrong type of care due to tampered
Unpaid medical bills sent to collection agencies can damage credit histories and
Data Breach Response
As the use of HIT expands, so does the need for a data breach response plan, one
that includes a proven resolution solution that addresses proper notification. Experian®
Data Breach Resolution has handled some of the largest healthcare incidents to
We have a proven track record of servicing thousands of data breaches and resolving
more than 50,000 cases of fraud. We’ll work closely with you before or after
a breach occurs to help ensure you’re successful.
We handle data breach notification to help you comply with state and industry
regulations. We also offer a variety of consumer protection products, which you
can offer to your patients to assure them that you care about what’s happening
to them.
Contact Experian at firstname.lastname@example.org or 1 866 751 1323
for a personalized pre-breach consultation or an effective post-breach action plan.
[1] Ponemon Institute, “Benchmark Study on Patient Privacy and Data Security.”
[2] Ponemon Institute, “Second Annual Survey on Medical Identity Theft.”
[3] Ponemon Institute, “Benchmark Study on Patient Privacy and Data Security.”
[4] Zoomerang, “2010 Health IT Survey.” (2010)
[5] Ponemon Institute, “Second Annual Survey on Medical Identity Theft.”
[6] Ponemon Institute, “Electronic Health Information at Risk: A Study of IT Practitioners.” (2009)