Identity thieves getting better at stealing patient data

May 12, 2008 — 5:59am ET

Tools

Tags
hospitals
Electronic Medical Records (EMRs)
HIMSS
patient data
medical records
medical record
security breaches

Where they once focused on banking data and credit card statements, identity thieves have become increasingly focused on breaking into patient data systems, observers say. Medical records offer a rich trove of information for an identity thief, often including not only health insurance account numbers and billing addresses, but also dates of birth, Social Security numbers and even credit information. That's particularly the case with hospitals which, since they offer costly services, may do more credit research on a patient.

Security industry researchers note that many hospitals haven't taken adequate steps to prevent malicious clinical data breaches, perhaps unaware that in addition to posing great risk to patients, each intrusion can cost $200 per record and $6.3 million per incident. Instead, many hospital IT departments are focused more on implementing or supporting EMR rollouts, according to a survey announced at HiMSS '08.

To learn more about medical record theft:
- read this USA Today article

Related Articles:
The growing problem of medical identity theft
NY hospital worker charged with massive file theft
California expands health data breach rules
U.S. hospitals have security 'blind spot'