Healthcare Information Security

Cybersecurity News

Medical Identity Theft Increases 21%, Says Ponemon Study

By Stephanie Reardon

- When patients’ PHI is stolen, medical identity theft could occur. Moreover, providers that don’t comply with HIPAA standards could face heavy fines, as well as other challenges to their reputation and their patients’ security.


According to the fifth annual Medical Identity Theft study from the Ponemon Institute, medical identity theft increased 21.7 percent since last year. The study is conducted to determine how expansive this crime is within the US and what steps healthcare providers, consumers, and government bodies should take to stop its spread. The results are based on multiple survey returns from 1,005 adult-aged consumers in the US.

Forty-five percent of survey respondents indicated that medical identity theft impacted their reputation, with 89 percent of these respondents expressing embarrassment due to the accidental exposure of sensitive information. Others polled said that they missed out on career opportunities due to identity theft (19 percent) or that it resulted in employment termination (3 percent).

Fifty percent of respondents that had faced medical identity theft said that the crime had a significant impact on the confidence and trust they placed in their healthcare providers, while only 15 percent of respondents that suffered from medical identity theft said it didn’t impact their confidence and trust in their healthcare providers.

  • Conn. State HIE Security Questioned in Auditor’s Report
  • $17M Settlement Agreement Reached in Aetna Data Breach Case
  • How Implementing Secure Messaging Can Benefit Facilities
  • Healthcare Organizations Struggle with Vendor IT Security Risks
  • Will New ‘Poodle’ Web Threat Affect Health Data Security?
  • Anthem Data Breach Public Forums Cancelled at Ind. School
  • Maximizing ONC, HHS Security Risk Assessment Tool’s uses
  • Hospital Data Security Top CIO Priority for Mobile Workflow
  • Patient PHI Compromised by Florida Hospital Employees
  • FDA Updates Medical Device Regulation, Risk Classification
  • CHIME, AEHIS Urge Stronger Medical Device Cybersecurity
  • Exploring small and non-healthcare organizations’ HIPAA needs
  • Did Failed Administrative Safeguards Cause Two Data Breaches?
  • Health data breach report: 137 percent breached record uptick
  • Research Data Privacy Regulations Updated in Final Federal Rule
  • CMS proposes 1-hour HIX data breach reporting period
  • Using, Exchanging Health Data Securely a Challenge, Says OIG
  • Medical Device Connectivity is Goal of Walgreens Partnership
  • Assessing Bitcoin’s benefits, security risks in healthcare
  • Lessons Learned from the Anthem Data Breach
  • Addressing FTC Jurisdiction Over HIPAA Covered Entities
  • What Should Entities Expect for Healthcare Security in 2017?
  • Laptop Theft Results in PHI Data Breach at Counseling Center
  • Boston Public Health responds to patient privacy questions
  • ONC, OCR Revise HIPAA Security Risk Assessment Tool
  • Best Practices for Creating a Strong Patient Portal
  • Regular Employee Training Essential in Healthcare Cybersecurity
  • Cyber crime in hospitals lead to data breach
  • One month until HIPAA omnibus compliance: Current trends
  • EmblemHealth Data Breach Leads to $575K NY State Settlement
  • Homeland Security Issues Ransomware Alert for Networked Systems
  • Healthcare Lags Other Industries in Phishing Attack Resiliency Rate
  • Medical Identity Theft Discussed in New RI Legislation
  • Children’s Mercy Hospital Phishing Attack Impacts PHI of 60K
  • North Country Hospital in battle with ex-employee over breach
  • Southwest General notifies 480 patients of data breach
  • How Wireless Controls Can Impact Health Data Security
  • How Will Healthcare Privacy and Security Fare in 2015?
  • House Subcommittee Talks Connected Device Cybersecurity Issues
  • Coordinating healthcare data privacy with security objectives
  • Maintaining Health Data Privacy in HIEs, Data Exchange
  • Why Healthcare Phishing Scams Are a Key Issue
  • Encrypting healthcare data in motion: NIST TLS best practices
  • Data Security Vulnerabilities Found in CMS Wireless Networks
  • Securing the health public and private cloud platform bridge
  • Patient information breached after office computer theft
  • LabCorp’s Network Security Breach May Have Exposed PHI of Millions
  • DDoS attack considerations for healthcare organizations
  • Managing a health data breach with a response plan
  • Stronger Healthcare Cyber Hygiene Can Improve Patient Safety
  • Medical University of S.C. reports its largest data breach
  • Breaking Down the Evolution of Healthcare Phishing Scams
  • North Lincoln Community Health reports data breach
  • Why Halifax Health Opted for a New Secure Texting Option
  • HIE best practices: Keeping data safe
  • PA Security Breach from Missing External Hard Drive Affects 4.1K
  • Are You Ready for a HIPAA Security Risk Assessment?
  • NIST provides incident response recommendations
  • Tiger Team closes in on behavioral health privacy recommendations
  • Tech Company Agrees to $264K Vermont Data Breach Settlement
  • Medical Device Security Critical with FDA Interoperability Guide
  • OIG: Idaho DOH Medicaid must improve contractor security
  • Healthcare Data Breaches Have Highest Cost, Says Ponemon
  • 36K Notified of Potential Healthcare Data Breach from Mailing Error
  • New Hampshire Hospital Data Breach Affects 15K Patients
  • Are There Cybersecurity Flaws in Medical Devices?
  • PHI Put At Risk after Fla. Community Center ID Theft
  • Are you being proactive against healthcare hackers?
  • A Chief Security Officer’s approach to health data encryption
  • Healthcare Cybersecurity Task Force Seeks Industry Input
  • Using Layered Security for Evolving Cybersecurity Threats
  • More Orgs Seeking Staff for Healthcare Privacy, Security Jobs
  • Mobile Security Essential Healthcare Provider Priority
  • North Country Hospital has second breach in 4 months
  • Health Data Encryption is Critical Aspect for PHI Security
  • Securing healthcare endpoints with thin, virtual technologies
  • Tampa General Hospital investigating another data breach
  • Phoebe Putney Memorial notifies 6,777 patients of breach
  • How VDI can make health IT security more efficient
  • New Image Sharing Program Keeps PHI Safe
  • How HIPAA Rules Can Aid Evolving Technology, Not Hinder It
  • Report Discusses Best Practices for Securely Sharing Data
  • Jersey City Medical Center reports Medicaid patient breach
  • Data Breach Security Bill Passes Amid Concerns
  • Utilizing Healthcare Authentication for Stronger Data Security
  • Class-Action Lawsuit Filed after Allscripts Ransomware Attack
  • Can SSL Decryption Prevent Healthcare Data Breaches?
  • Desk Audits Begin for OCR Phase Two HIPAA Audits
  • FDA Finalizes Medical Device Cybersecurity Guidance
  • Alabama Last US State to Enact Data Breach Notification Law
  • WEDI Outlines Tips for Improving Healthcare Cybersecurity
  • TN Updates Data Breach Notification Law for Encrypted Data
  • ONC, OCR release new HIPAA security risk assessment tool
  • Lawsuit Filed to Avoid Potential Health Data Exposure Fines
  • Maryland Court Dismisses CareFirst Data Breach Lawsuit
  • 2017 OCR HIPAA Settlements Focus on Risk Analyses, Safeguards
  • HITRUST honing Common Security Framework for 2013
  • Encryption Aspect Amended in CA Data Breach Notification Law
  • ONC Report Highlights PHI Security Gaps in non-HIPAA Entities
  • Healthcare security Q&A with Dell CMO Andy Litt
  • The study also showed that 53 percent of respondents answered that they thought it was very likely or likely that healthcare provider negligence contributed to medical data theft incidents. When asked if they were confident in their healthcare provider’s ability to protect their healthcare records from loss or theft, 68 percent of respondents indicated that they were not, while only 37 percent of respondents indicated that their providers have told them about the security measures taken to protect their information.

    Despite the lack of confidence in their provider’s abilities to keep their PHI secure, 79 percent of respondents said that it’s important for their providers to ensure their data is protected, which is down from 82 percent in 2013. Meanwhile, 48 percent of those polled indicated that if their medical information was lost or stolen they would consider changing healthcare providers.

    However, 40 percent of survey respondents indicated that if a data breach occurred, prompt notification of the problem from the responsible organization is vital. Many individuals polled did not learn about the exposure of their information until three months or more after the incident happened, and 30 percent did not even know when their information became exposed.

    Though completely eliminating medical identity theft is not currently possible, there are methods that a healthcare provider could take in order to protect patients’ PHI. The survey suggests that providers can start with keeping their patients better informed about their privacy rights. Only 19 percent of individuals polled indicated they were familiar with privacy protections within HIPAA, while 35 percent were not familiar with their privacy rights and 34 percent had never heard about their provider’s privacy protections.

    Healthcare providers could also improve the accessibility of healthcare records in order to help protect their patients’ privacy. When polled, 60 percent of survey respondents said they don’t check their health records. Of those respondents, 53 percent indicated they didn’t know how to check their health information records and 35 percent indicated that their records were difficult to access.



    SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

    HIPAA Compliance
    Data Breaches

    Our privacy policy

    no, thanks

    Continue to site...