Health information security breaches and identity theft have become an epidemic with losses occurring across the country.
In fact, according to a recent Ponemon Institute study sponsored by the Medical Identity Fraud Alliance, medical ID theft has increased by 21.7 percent since 2013. Additionally, data from the Department of Health and Human Services indicates that health data on more than 120 million people has been compromised in more than 1,100 separate breaches since 2009.
In May 2015, CareFirst BlueCross BlueShield, the largest health insurer in the Mid-Atlantic region, reported a cyber-attack that affected 1.1 million past and present customers. This comes on the heels of the February 2015 data breach at Anthem, the second-largest health insurer in the United States that affected about 80 million customers, and Premera Blue Cross’ reported cyber-attack that may impact as many as 11 million people.
These attacks reflect an unsettling pattern in cybercrime as identity thieves expand their target from the financial sector into healthcare.The mere fact that health records are now digital makes them a prime target. Providers have now moved rapidly into the digital space and many don’t deploy the same robust security measures taken by their banking counterparts.
Furthermore, patients now have unprecedented access to their health information thanks to the widespread use of patient portals. With providers, payers, pharmacies, labs and patients all having access to sensitive records, information security becomes vulnerable to the weakest link in the data chain.
To compound the issue, stolen medical identity information is extremely valuable. While a purloined credit card number might fetch $10 on the black market, a stolen medical identity can bring in more than five times that amount.
So, what’s the solution? Other major industries including financial services, telecommunications and insurance have been using Big Data and analytics for years to protect their online portals, minimize risk and reduce fraud losses.
When applied in a healthcare setting, it is these same techniques that will enable professionals to gain insights that can be turned into actions to protect patient data. For example, identity-matching tools can confirm whether a patient or a physician is who they claim to be, and analyzing data and usage characteristics can more effectively assess the risk of a patient’s remote interaction.
In essence, by utilizing these techniques, data can be a force for good – good for the patient, good for the healthcare provider and good for the industry.