The risk and financial advisory solution provider Kroll reports that healthcare has overtaken finance as the most breached industry, based on the number of data breaches the firm has been called upon to assist with. In 2022, 22% of the data breaches investigated by Kroll occurred at healthcare organizations, up from 16% in 2021 – a year-over-year increase of 38%.
While the percentage of healthcare data breaches Kroll investigated increased in 2022, consumers appear to be much less concerned about breaches of their healthcare data than they are about breaches of their financial information. 32% of the calls Kroll received from individuals impacted by data breaches were in response to data breaches at healthcare organizations, compared to 49% of calls in response to data breaches at financial institutions. There was a 127% year-over-year increase in the number of calls Kroll received from consumers affected by breaches at financial institutions, yet despite the increase in healthcare data breaches, there was only a 19% increase in calls from consumers about those breaches.
Individuals impacted by data breaches at healthcare organizations are also much less likely to take advantage of the complimentary credit monitoring and identity theft protection services that they are offered. 69% of individuals who were offered these complimentary services following a data breach at a financial institution took advantage of those services, compared to just 20% of individuals who were affected by healthcare data breaches.
While financial data is valuable to cybercriminals and is often misused, data breaches at healthcare organizations also put victims at risk. When personal information is stolen along with Social Security numbers and/or driver’s license numbers, victims are put at risk of identity theft and fraud, so it is surprising that so few victims of healthcare data breaches avail themselves of these services.
It is also surprising considering the number of lawsuits that are now being filed in response to healthcare data breaches. It is common for multiple lawsuits to be filed following a healthcare data breach, often within days or weeks of notification letters being sent. These lawsuits allege victims face an imminent and increased risk of identity theft and fraud as a result of the theft of their personal and protected health information. The lawsuits often also take issue with the short duration of credit monitoring and identity theft services provided to victims.
It is worthwhile noting that there is a growing breach notification trend in healthcare of providing as little information as possible in breach notifications, to the point where victims of the data breaches are unable to accurately assess the level of risk they face. For instance, breach victims are not always told that their data has been stolen in a hacking incident, only that their data has potentially been stolen, or they are not informed that a ransomware gang has published the stolen data on its leak site. This could well be a factor in why so few victims of healthcare data breaches take advantage of these services.
While the data from Kroll appears to suggest that consumers are not nearly as concerned about breaches of their healthcare data as financial information, concern does appear to be growing. There was a 66% year-over-year increase in the number of consumers signing up for credit monitoring and identity theft services following a healthcare data breach, although not nearly as big an increase as finance, which saw a 126% year-over-year increase in people signing up for credit monitoring and identity theft services.
“Understanding the drivers behind the Data Breach Outlook figures is subjective, and it is important that businesses combine this data with their own insight from talking to customers and market research,” suggests Kroll. “It is also true that while an industry may make up less of the overall number of data breach cases, it is not immune from the impact of a data breach and should similarly have playbooks if an incident was to occur.”
The post Few Victims of Healthcare Data Breaches Take Advantage of Free Credit Monitoring Services appeared first on HIPAA Journal.