90% of non-health industries experience PHI breaches: 6 things to know

Healthcare isn't the only industry that collects and stores protected health information. A new report from Verizon found 90 percent of non-health industries experience breaches that compromise PHI.

Here are six things to know from the Verizon 2015 Protected Health Information Data Breach Report.

1. The report defines PHI to include:

  • Names, addresses, telephone and fax numbers
  • Email addresses
  • Medical insurance numbers
  • Social Security numbers
  • Any date that includes more information than just a year
  • Financial account numbers, license numbers and vehicle certification numbers
  • Medical device serial numbers
  • IP addresses
  • Biometric data like finger prints, retinal prints and DNA
  • Photographic images that have unique identifying characteristics
  • Medical records

2. The report suggests that many other industries don't know they store PHI, which may result in less stringent cybersecurity measures.

3. Across industries, the top three actions related to PHI breaches are physical (a stolen device), error (like a mis-sent email or lost device) and misuse (inappropriate access by employees). According to the report, 86 percent of all PHI data breaches stem from one of these three actions.

4. When medical records are stolen, the report indicates it is the personal identifier information that hackers are after, not so much the medical records. PII is what can be used to commit financial fraud, not clinical information.

5. Healthcare unsurprisingly accounted for the most medical records breached out of surveyed industries, with 1,403 incidences accounting for 72.7 percent of all breaches. Second was "public" with 177 incidences accounting for 9.17 percent of all breaches, and third was finance, with 113 incidences accounting for 5.85 percent of all breaches.

6. "Many organizations are not doing enough to protect this highly sensitive and confidential data," said Suzanne Widup, senior analyst and lead author for the Verizon Enterprise Solutions report. "This can lead to significant consequences impacting an individual and their family and increasing healthcare costs for governments, organizations and individuals. Protected health information is highly coveted by today's cybercriminals."

More articles on data breaches:

VA to Congress: Cybersecurity & data breach update
UW Medicine reaches $750,000 HIPAA settlement for 2013 breach
5 biggest healthcare data breaches of 2015

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Featured Webinars

Featured Whitepapers