High Number of Healthcare Data Breaches Takes Toll on Identity Health
In a time when the risk to our personal health has been a paramount concern, the rash of healthcare breaches is threatening the identity health of millions. The risks these breaches create are often misunderstood because of a natural set of assumptions about how breached data is misused.
The common misconception: when a particular type of personal data is compromised, criminals then use it to commit fraud at the same type of organization from where it was stolen.
This assumption makes sense for certain types of breaches. When there’s a credit card data breach at one merchant, one would assume that criminals stole the data to rip off another merchant somewhere else. Even with merchant breaches, criminals use the compromised data in more ways than is readily apparent to most of us.
Healthcare breaches, however, create the greatest and most diverse set of risks to the health of our individual identities. Let’s illustrate the danger of healthcare data breaches by dissecting a real-world example: UC San Diego Health.
Examining Healthcare Data Breaches
The recent data breach at UC San Diego Health is a perfect example of how the compromise of a healthcare provider can wreak havoc on individuals’ lives. UC San Diego Health is among the highest-rated providers of healthcare, according to US News and World Reports. That rating is little solace to their patients as potentially all their personally identifiable information (PII) — as well as data on their health — was compromised. After gaining entry to systems of UC San Diego Health using the login credentials of employees, criminals were able to access a wealth of PII, including:
- Social Security numbers
- driver’s license information
- payment information
- health information
- basic contact information.
This data compromise opens the gate for criminals to cause considerable pain to the affected patients. Just because healthcare information was stolen does not mean that criminals will limit their misuse of the compromised data to healthcare-related fraud and scams.
The breadth of the information stolen exposes UC San Diego Health’s patients to a high risk of numerous identity threats, such as:
- New credit and deposit accounts opened in a victim’s name as criminals are armed with the core PII elements banks and credit unions use to verify identity during account opening.
- Fraud on existing accounts as personal information is often used to authenticate (or verify) the identity of customers who need access to their accounts by phone or to complete a password reset online.
- Targeted scams impersonating a wide variety of third parties, not just UC San Diego Health (which they could easily and convincingly do when armed with a patient’s healthcare history). For example, payment card data allows criminals to effectively impersonate card-issuing banks and credit unions to solicit more personal information. The data can also be used to convince these patients to unwittingly transfer funds to fraudsters.
Rating the UCSD Health Data Breach Risk
One sure way to grasp the severity of a healthcare data breach is to compare the risk to victims via a rating system and compare the risk rating to other breaches. Sontiq’s BreachIQ technology thinks like a criminal, considering how successfully different types of fraud and scams could be committed based on the data stolen in each and every data breach. Another recent breach, the Guess data breach, was rated a 6. The Sontiq BreachIQ score for the UC San Diego Health data breach is a 10 (on a 1 to 10 scale).
In isolation, a breach like UC San Diego Health is rightfully alarming – not only for the affected patients, now victims but also for the rest of us. It paints a picture of just how vulnerable the sensitive (and private) information our healthcare providers hold about us is.
Unfortunately, this is very far from an isolated incident. Last year, according to the Department of Health and Human Services, more than 1 million consumers each month had their data compromised in a healthcare breach. Healthcare providers large and small continue to be purposefully targeted for their data., Their patients’ data can be exposed as a byproduct of increasingly common ransomware attacks.
Most healthcare providers retain a similar breadth of data on their patients to that compromised at UC San Diego Health. When they are compromised, they often score at the top of the BreachIQ scale. That means that every month, millions of us are being exposed to serious identity health risks by the very organizations tasked with preserving our physical and mental health.
Protecting Identity Health
We are not helpless! To be the best advocates for our own identity health, consumers must take control of their data and how it’s used. This means knowing when your data is exposed and the risks that the exposure creates and taking the exact, proper steps to prevent misuse of that data. That knowledge can help you combat the misconceptions around how our identity health is being affected by data breaches and empowering all of us to make better decisions about staying healthy.
Healthcare providers can also arm themselves to overcome a myriad of cyber-security issues by knowing what steps to take. Learn how Sontiq can help keep employees’ and patients’ identities secure. We pride ourselves on staying ahead of the evolving risks and are here to provide you with the support you need.