“Unlike the financial services industry, health care companies lack measures to adequately prevent identity theft, even as they continue to digitize medical records and other sensitive information.
Twelve years ago, when Nikki Burton was 17, she tried to donate blood for the first time. She was denied without explanation. Perplexed, the Portland, Ore. resident called Red Cross headquarters to inquire, only to learn that her Social Security number had been used to receive treatment at a free AIDS clinic in California, rendering her ineligible to donate blood.
Years later, she wondered if, when asked whether she had any preexisting conditions, that instance of fraud might show up. So she called the Red Cross again. The organization told her that it no longer asked for Social Security numbers and she could donate blood without it. “I said, that’s fine for you guys to receive the donation, but that doesn’t solve the problem of that information existing in your system,” Burton says. “What if it got out?”
In 2013, the health care industry experienced more data breaches than it ever had before, accounting for 44% of all breaches, according to the Identity Theft Resource Center. It was the first time that the medical industry surpassed all others, and stood in stark contrast to the financial services industry, which represented just 3.7% of the total.
Identity theft is so pervasive in health care that, according to a 2013 ID Experts data security survey of 91 healthcare organizations, 90% of respondents had experienced a data breach in the previous two years and 38% had had more than five incidents.”