Healthcare Data Breaches in US Affect Over 40 Million People in 2021

This year, healthcare data breaches in the US have affected over 40 million people, according to the US Department of Health and Human Services data breach portal.

An overview of security incidents between January and December 2021 has revealed 580 data breaches, the latest of which exposed the personal health information (PHI) of approximately 400,000 Planned Parenthood Los Angeles (PPLA) patients.

The incident was the result of a ransomware attack, and according to PPLA, the attackers stole patients’ names, addresses, dates of birth and other health-related info.

Personal health information (PHI) is highly valuable for cybercriminals as it can contain sensitive data such as medical insurance numbers, Social Security numbers, account numbers and additional health details used in identity theft-related crimes.

Stolen healthcare records are easily sold on dark web marketplaces, fuelling a variety of illegal schemes as it allows fraudsters to access patients’ medical services, apply for loans or credit cards and file tax returns without the victims' knowledge. Sensitive health information can also be used in targeted extortion attacks against victims.

The high value of PHI for cybercriminals stems from its long shelf life compared to other personal information. While credit cards can be canceled once compromised, medical histories never change.

Telltale signs of medical identity theft include:

• You are denied medical insurance
• Debt collectors call you regarding unpaid medical bills you are not aware of
• Your medical insurance or healthcare provider says you’ve reached your benefits limit
• Your health records have been altered and show medical conditions you do not have

If you receive a data breach notice from a healthcare service, notify your insurance provider and check your statements for suspicious information or mismatches. Depending on the extent of the data breach, keep an eye on your financial accounts and place a fraud alert on your credit report, and file an identity theft report with the FTC to help you recover.

Cyberattacks and data breaches occur daily. Whether it’s a healthcare provider, e-commerce platform or your go-to social media platform, the best way to protect against side effects is to be informed and spread awareness among friends and family.

Check now if your info has been stolen or made public on the internet, with Bitdefender Digital Identity Protection tool. The service only uses your email address and phone number to check for possible privacy-related issues, and alerts you whenever data associated with your online accounts is leaked.