Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
When you seek medical attention, you supply the healthcare entity with a wide range of personal and financial information. Additionally, you also trust that the provider will safeguard the confidential health information documented in connection with your visit.
Although federal HIPAA regulations and state laws are in place to protect your medical records from wrongful disclosure, unfortunately they don’t always prevent cybercriminals from accessing medical records that are stored electronically.
Significantly, there were more than 600 health care related data breaches in 2020, affecting nearly 29 million medical records.
What information can cybercriminals obtain by accessing health records?
Medical records contain many personal identifying characteristics for individuals, including social security numbers, credit card information, addresses, telephone numbers, family history, physical descriptors, and sometimes even photos. Critically, the value of a medical record to a cybercriminal is dependent upon how much information is included. In some cases, a single medical record can be sold on the dark web for up to $1,000.
Stolen medical records are used by cybercriminals to submit fraudulent medical claims, acquire controlled substances, create false identities, and for ransomware or extortion purposes. Unlike identity theft involving banking information in which you can obtain a new account number or social security number if your data has been compromised — your medical history cannot be changed.
Critically, it is also typically much longer before a health care security breach is uncovered, compared with a breach associated with stolen banking or credit card information. This can lead to even more personally identifiable information being stolen over an extended period of time.
What healthcare entities can be affected by a data breach?
Regardless of the precautions that are taken to protect electronically stored patient information, any healthcare entity can be affected by a data breach. Over the last few years, the records at countless hospitals, laboratories, dental offices, rehabilitation centers, and nursing homes may have been subject to cyberattacks.
There have even been instances in which healthcare-related apps have been breached due to weak encryption or security flaws. In fact, according to healthcareglobal.com, 85% of COVID-19 tracking apps were found to have leaked data.
In some cases, it is not always the computer system at the healthcare facility itself that has been breached. With the increased use of electronic medical records throughout the last decade, many medical entities use cloud-based storage. Effectively, if a hacker is able to gain access to the information stored by a cloud provider, the medical records at dozens of facilities can be stolen.
This was the case in the biggest healthcare breach in 2020 — the Blackbaud security breach. In this cyberattack, the medical records of more than 10 million patients at 22 different institutions were exposed during a data breach that continued for a month until the incident was detected. Not only were the medical records of those who treated at facilities that used the cloud-based provider compromised, but the bank account numbers of at least 10% of the patients were also breached.
What can you do if you were affected by a healthcare data breach?
If you were made aware that your personal identifying information was compromised by a data breach due to a healthcare facility’s failure to take proper cybersecurity measures, you may be able to take legal action. An experienced attorney can best advise whether you have a claim and might be entitled to recovery by filing a data breach lawsuit.
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2024 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
20 thoughts onHealthcare data breaches: what you need to know
ADD ME PLEASE
Received a letter for myself and my husband the our records were exposed due to breach from DuPage Medical Group. Please add.
Please add me
Add me please
In car accident, in hospital, day getting home, a company called to verify I purchased a $400 ladies belt, we said not, called police, they know where the item for shipped to, they have my info social security everything. We had to put fraud safety and still have that on, so now ever time I try and apply for anything it takes longer because I have to keep that safety, it’s a constant worry for me. And constant pain. Add me
Add me
Add me please