The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Few Victims of Healthcare Data Breaches Take Advantage of Free Credit Monitoring Services

The risk and financial advisory solution provider Kroll reports that healthcare has overtaken finance as the most breached industry, based on the number of data breaches the firm has been called upon to assist with. In 2022, 22% of the data breaches investigated by Kroll occurred at healthcare organizations, up from 16% in 2021 – a year-over-year increase of 38%.

While the percentage of healthcare data breaches Kroll investigated increased in 2022, consumers appear to be much less concerned about breaches of their healthcare data than they are about breaches of their financial information. 32% of the calls Kroll received from individuals impacted by data breaches were in response to data breaches at healthcare organizations, compared to 49% of calls in response to data breaches at financial institutions. There was a 127% year-over-year increase in the number of calls Kroll received from consumers affected by breaches at financial institutions, yet despite the increase in healthcare data breaches, there was only a 19% increase in calls from consumers about those breaches.

Individuals impacted by data breaches at healthcare organizations are also much less likely to take advantage of the complimentary credit monitoring and identity theft protection services that they are offered. 69% of individuals who were offered these complimentary services following a data breach at a financial institution took advantage of those services, compared to just 20% of individuals who were affected by healthcare data breaches.

While financial data is valuable to cybercriminals and is often misused, data breaches at healthcare organizations also put victims at risk. When personal information is stolen along with Social Security numbers and/or driver’s license numbers, victims are put at risk of identity theft and fraud, so it is surprising that so few victims of healthcare data breaches avail themselves of these services.

It is also surprising considering the number of lawsuits that are now being filed in response to healthcare data breaches. It is common for multiple lawsuits to be filed following a healthcare data breach, often within days or weeks of notification letters being sent. These lawsuits allege victims face an imminent and increased risk of identity theft and fraud as a result of the theft of their personal and protected health information. The lawsuits often also take issue with the short duration of credit monitoring and identity theft services provided to victims.

It is worth noting that there is a growing trend in healthcare of providing as little information as possible in breach notifications, to the point where victims of the data breaches are unable to accurately assess the level of risk they face. For instance, breach victims are not always told that their data has been stolen in a hacking incident, only that their data has potentially been stolen, or they are not informed that a ransomware gang has published the stolen data on its leak site. This could well be a factor in why so few victims of healthcare data breaches take advantage of these services.

While the data from Kroll appears to suggest that consumers are not nearly as concerned about breaches of their healthcare data as financial information, concern does appear to be growing. There was a 66% year-over-year increase in the number of consumers signing up for credit monitoring and identity theft services following a healthcare data breach, although not nearly as big an increase as finance, which saw a 126% year-over-year increase in people signing up for credit monitoring and identity theft services.

“Understanding the drivers behind the Data Breach Outlook figures is subjective, and it is important that businesses combine this data with their own insight from talking to customers and market research,” suggests Kroll. “It is also true that while an industry may make up less of the overall number of data breach cases, it is not immune from the impact of a data breach and should similarly have playbooks if an incident was to occur.”

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
