The Weekly breach Breakdown Podcast by ITRC - An Apple A Day Keeps The Doctor Away - S4E20

Show Transcript

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for July 28, 2023. Thanks to Sentilink for their support of the podcast and the ITRC. Each week, we look at the most recent events and trends related to data security and privacy. This week, we look at the rise in healthcare data breaches and highlight two specific medical data events that could get messy.

Have you ever heard the term “an apple a day keeps the doctor away”? It is a common proverb that appeared in the 19th century, advocating for the consumption of apples, and by extension, if one eats healthy foods, they will remain in good health and will not need to see their doctor often. Maybe that is why our moms packed an apple in our lunch box every day when we were kids. Either way, the saying does not apply to data compromises because, right now, nothing is keeping identity criminals away from healthcare organizations.

The ITRC Sees Rise in Healthcare Data Breaches in the First Half of 2023

In 2022, the ITRC tracked 344 compromises in the healthcare industry, impacting just over 26 million people. In the first half of 2023, we surpassed the number of data events. The Center tracked 379 compromises in the first six months, impacting over 21 million people. Of the 379 compromises, 298 of them were in Q2. To no one’s surprise, the healthcare industry has more compromises than any other industry the ITRC tracks in 2023 to date. The rise in healthcare data breaches continues as we head into the second half of the year.

HCA Healthcare Data Compromise

Earlier this month, HCA Healthcare reported a data security incident where personal information, including patient names and contact details, was stolen and posted online. According to Healthcare Dive, the data lists could contain 27 million rows of data with information from about 11 million patients who received care at HCA hospitals or physicians’ offices in 20 states. As of the recording of this podcast, 943 hospitals and clinics have been impacted by the HCA Healthcare data breach.

Tampa General Hospital Data Breach

Just last week, Tampa General Hospital announced a data breach affecting over one million patients and staff members. The hospital says that hackers gained access to the personal information of 1.2 million people during a cybersecurity event that lasted 18 days. The files accessed may have contained names, addresses, phone numbers, dates of birth, Social Security numbers, health insurance information, medical record numbers, patient account numbers, dates of service and limited treatment information used for business operations.

A Healthcare Data Breach is Expensive

We have one more statistic about healthcare data breaches. In their annual data breach report released this week, IBM notes that for the 13th consecutive year, healthcare data breaches are the most expensive – costing an average of $10.9 million in the U.S.

What to Do if you Receive a Data Breach Notice

If you receive a data breach notice, follow the advice offered by the impacted company. Immediately change your password and switch to a 12+-character passphrase, change the passwords of other accounts with the same password as the breached account, use multi-factor authentication with an app – SMS can be spoofed – and keep an eye out for phishing attempts that claim to be from the breached organization.

Contact the ITRC

To view our H1 2023 Data Breach Analysis and key findings, visit www.idtheftcenter.org/publications. If you want to know more about how to protect your business or personal information, or if you think you have been the victim of an identity crime, you can speak with an expert ITRC advisor on the phone, chat live on the web, or exchange emails during our normal business hours (Monday-Friday, 6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.

Thanks again to Sentilink for their support of the ITRC and this podcast. We will return next week with another episode of the Weekly Breach Breakdown.