ICFE eNEWS #16-18 - June 27th 2016
Brookings Institution Study: Healthcare Single Most Prevalent Area for Data Breaches
By Yan Ross, Director of Special Projects, ICFE
According to a recent Brookings Institution study, healthcare data breaches are on the rise.
Some 23 percent of all data breaches occur in healthcare and have impacted 155 million
Americans in almost 1,500 breaches in the past six years.
Despite measures to promote greater public awareness, increased security measures, and rising
government fines, the total number of breach victims tripled in the last two years alone. Part of
this growth is attributable to the high per-record cost of loss for healthcare data breaches ($363,
the highest of any industry in the survey) and to the black-market value of this information.
The author, Niam Yaraghi, a fellow with Brookings' Center for Technology Innovation,
interviewed 22 IT leaders within healthcare provider and insurance companies. Among his
conclusions: healthcare data is more valuable than many other forms of personal identification
because information such as birth dates, Social Security and insurance ID numbers don't change,
and criminals can charge premium prices on the black market.
According to the study, the proliferation of sharing digitized personal health data among insurers
and other providers contributes to the likelihood of breaches. It appears that federal health
agencies encourage the sharing of electronic health records before providers and payers put
adequate security measures in place, with particular concern about concentrating on
According to the author, it's unrealistic to expect small community hospitals to devote the
resources to combat well-funded and determined criminal organizations intent on breaching their
data, particularly when large national banks, retail chains and even the federal government have
been hacked. Nonetheless, "that should not prevent hospitals from keeping their systems
updated and avoiding the kinds of human errors responsible for most data breaches," Yaraghi
He also pointed out that healthcare organizations can adopt better practices and policies to
prevent lost laptops, misplaced hard drives and employees clicking on suspicious files hiding
malware and spyware. He recommends that healthcare organizations prioritize patient privacy
and protect it. At the very least, healthcare firms should share information
about data breaches and exchange best practices and lessons learned.
Two other points were emphasized by the author:
- Healthcare organizations should invest in cyber insurance, though the market for such
products may not offer coverage for all situations.
- The HHS Office for Civil Rights, which is charged with investigating healthcare data
breaches, should better disseminate information about its audits and investigations.
Government-imposed penalties for healthcare data breaches are not adequate to solve the
problem; more guidance on how to prevent and remediate breaches is more appropriate.
The ICFE's Certified Identity Theft Risk Management Specialist® XV CITRMS® course is
now available both in printed format and
The Textbook and Desk Reference edition of the course book is also available
Bulk pricing and discounts for veterans and students
available. Inquire at email@example.com
Yan Ross is ICFE's Director of Special Projects, and the author of the Certified Identity Theft
Risk Management Specialist® XV CITRMS® course. As an accredited educator for over 20
years, he has addressed Identity Theft Risk Assessment and management for consumers,
organizations holding personally identifiable information, and professionals who work with
individuals and organizations who are at risk of falling victim to identity thieves.
Paul S. Richard
President - Executive Director
Institute of Consumer Financial Education (ICFE)