Consumers More Concerned About Financial Data Compromise Than Healthcare Data Breaches

February 07, 2023 - Healthcare data breaches did not slow down in 2022, impacting more than 590 organizations and upwards of 48 million individuals.

In fact, healthcare data breaches accounted for 22 percent of the breaches handled by corporate investigation and risk consulting firm Kroll in 2022, the company’s latest report noted, compared to 16 percent in 2021.

Despite healthcare overtaking the finance sector as the most breached industry, Kroll’s data showed that the most breached industry did not necessarily translate to the most concerned consumers.

“While health care may have suffered the largest proportion of incidents in 2022, the number of incoming calls related to these data breaches and the number of consumers which take up identity protection—often a combination of identity and credit monitoring—were still less than in the finance industry,” Kroll noted.

Only 32 percent of calls received by Kroll in the aftermath of data breach notifications related to healthcare data breaches, compared to 49 percent for financial breaches. Additionally, 69 percent of individuals involved in financial breaches took advantage of monitoring services, compared to just 20 percent in healthcare.

“This potentially reveals that consumers are more concerned about their financial data than personal data related to [healthcare].  While in both industries personally identifiable information is at risk, given those looking to utilize this information—often cybercriminals—are largely perceived to be doing so for financial gain, it is understandable that financial data would be perceived to be more sensitive than health information,” Kroll stated.

“In reality, however, much of the data gathered from [healthcare] organizations—for example, social security numbers—could be used to set up fraudulent accounts and transactions.”

Kroll acknowledged that “understanding the drivers behind the Data Breach Outlook figures is subjective, and it is important that businesses combine this data with their own insight from talking to customers and market research.”

Although this data suggests that healthcare data breach victims are not leveraging monitoring services as frequently as those impacted by breaches, it does not mean that the impacts of healthcare data breaches go unnoticed by consumers.

For example, a 2022 report from law firm BakerHostetler found an increase in duplicative lawsuits filed in the wake of data breaches. Multiple settlements have been reached in recent months to resolve class action lawsuits stemming from healthcare data breaches in particular.

In addition to financial losses, many plaintiffs cite time lost, identity theft concerns, and delayed breach notifications as some of the main motivators for filing a lawsuit. Organizations should ensure that they are communicating healthcare data breach risks and notifying impacted individuals of data breaches promptly.

The subsequent settlements can be costly for healthcare organizations, but are often more cost effective than going through lengthy legal proceedings.

Logan Health Medical Center in Kalispell, Montana reached a $4.3 million settlement to resolve a class action lawsuit stemming from a Fall 2021 breach. In addition, Scripps Health recently reached a $3.5 million proposed settlement following a high-profile 2021 ransomware attack that impacted 2.1 million individuals.