Hospital data breach results in an expensive lawsuit – Is yours next?

Hospital data breaches have been rampant for quite some years now. Last year’s figures alone are quite frightening – one states that 41 million patient records were exposed, essentially making the patients potential victims of medical identity theft. Thus, both data breaches and medical identity theft has been in the limelight. These unwanted nuisances have turned the attention towards healthcare providers who are suffering from these events. One such provider is the University of Missouri Health Care (MU Health), who suffered a data breach of 14 thousand records and also were hit by a lawsuit by the impacted patients.

This happened back in 2019. The provider was sued by patients who were affected by the breach in question. The patients reasoned that the breach had made their sensitive records prone to medical identity theft – their fear was not irrational.

The actual story

On the first day of May 2019, the healthcare provider found out that an outsider somehow accessed email accounts of two employees for more than a week. Following the incident, the concerned officials said that they took the necessary steps to secure both accounts. 

It was not disclosed how the hacker got access and whether it was a phishing incident or not. However, the healthcare provider revealed that the affected account had sensitive patient data stored, such as names, DOB, medical record numbers, insurance details, as well as treatment details. The hospital data breach even consisted of the Social Security Numbers of some unlucky patients.

The data breach, fortunately, did not affect all the patients of MU Health. However, it did affect around 14,400 patients, which is no small number. As soon as the provider’s inquiry ended regarding the breach on the twenty-seventh day of July, it started to inform the patients regarding the breach. Oddly, the organization notified the patients after the required timeframe of 60 days as per HIPAA regulations.

The aftermath

Within the same week of notifying the patients, one of them filed a lawsuit, followed by 19 others. Their reason was very simple – the data breach would likely result in medical identity theft and lead to lower-quality care. The patients also believed that they were paying quite an amount of money, and thus, MU Health should add stringent security with their services.

Hospital data breaches can arm hackers with enough information to obtain medical services assigned to the patients. The hackers could either expose the data, sell it, or use it for themselves. These could lead to the patients paying for healthcare services they did not avail. These could also become denied claims for healthcare providers. Whichever way one looks at it, data breaches and medical identity theft is extremely undesirable. 

How do hospitals prevent medical identity theft?

Although it is quite prevalent nowadays, medical identity theft can actually be prevented. One way to make sure that the medical records are safe is by locking them with a key that hackers cannot forge. That is exactly what RightPatient does. It is a biometric patient identification platform that locks the patient records with their biometric data. Once the platform attaches the medical record with the data during enrollment, a third party cannot come and claim that record, preventing medical identity theft and ensuring accurate patient identification. RightPatient has been preventing medical identity theft for leading hospitals such as University Health Care System and Grady Health System.