Dive Brief:
-
Personal health data for nearly 1 million seniors wound up online after a software developer mistakenly posted a database with patient information online, according to ZDNet and DataBreaches.net.
-
The developer worked with healthcare telemarketer HealthNow Networks of Boca Raton, Florida, to create a customer database three years ago. HealthNow Networks, which is now defunct, provided medical supplies to diabetic patients.
- The database included names, addresses, dates of birth, telephone numbers, emails, Social Security numbers, health insurance companies, policy numbers and medical conditions. Many of the leaked records were truncated or incomplete. Diabetic patients gave their personal information to HealthNow Networks in exchange for paying less for diabetic supplies.
Dive Insight:
The database included 321,920 unique email addresses, which could open people up to spam, malware and ransomware.
Health data has become a target for hackers. The healthcare industry was the victim of 88% of all ransomware attacks in the U.S. last year. In June 2016 alone, there were more than 10 million patient record breaches. Cybersecurity experts and health leaders have grown increasingly concerned about the need to protect patient records from online hackers.
About 80% of U.S. healthcare organizations plan to increase data security spending this year and data breaches are a significant driver of spending. A report from Ponemon Institute found that nearly 90% of healthcare organizations studied have experienced a data breach that involved patient data being lost or stolen in the past two years. The same report found that health data breaches are costing the industry an estimated $6.2 billion.
Federal leaders have also spoken out about the issue, including President Barack Obama. Presenting his 2017 budget, the former president called for insurers and other healthcare stakeholders to “take new and significant steps to enhance their data stewardship practices and ensure that consumers can trust that their sensitive health data will be safe, secure, and available to guide clinical decision-making."