169 Million Patients have their Data Compromised in Hospital Cyber-Attacks
A study has identified the types of sensitive patient data that get stolen during hospital data breaches, raising serious concerns about patient privacy.
The study analysed 1,461 hospital data breaches that took place in the USA between October 2009 and July 2019 and estimated that 169 million patients had their personal data compromised in this period.
An Easy Target
Hospitals are a valuable data source for hackers, as patient’s personal details are frequently stored on insecure servers. The patient information that hackers can extract include names, addresses and contact details; financial information including payments details; and medical information such as diagnosis or treatment.
The study classified social security numbers, driver’s licenses, birth dates, payment cards and bank accounts as sensitive information that could be used to facilitate identify theft. Sensitive medical information includes any sexually transmitted disease or cancer diagnosis, as well as any problems related to sexual abuse, drug abuse or mental health.
Patient Privacy is Compromised
70% of hospital data breaches compromised information that could be used to facilitate identify theft. There were also 20 breaches, affecting 2 million people, that resulted in breaches of sensitive medical information. The release of sensitive medical information takes away a patient’s privacy and has the potential to be used for blackmail.
Protecting Data for the Future
Understanding exactly what information hackers are after can help hospitals ensure their security systems are strong enough to withstand cyber-attacks. Current initiatives that aim to promote data sharing between healthcare institutions, to further research efforts, could leave hospitals even more vulnerable to cyber-attacks. However, failing to protect patient’s data could lead to a breakdown in trust between the public and healthcare institutions, which could hinder research efforts in the long-term. It is clear that furthering research must not come at the expense of patient’s privacy.