A new Michigan State University study finds a decade of computer hacking has exposed the personal data of nearly 170 million hospital patients.
Researchers from MSU and Johns Hopkins University examined more than 1,400 hospital data breaches between 2009 and 2019.
The study finds more than 70% of the breaches compromised sensitive demographic or financial data that could lead to identity theft or financial fraud. Only a small percentage of sensitive health information was exposed.
“The major story we heard from victims was how compromised, sensitive information caused financial or reputation loss,” says John Jiang, lead author and MSU professor of accounting and information systems. “A criminal might file a fraudulent tax return or apply for a credit card using the social security number and birth dates leaked from a hospital data breach.”
The researchers suggest government regulators should collect information compromised in a data breach to help the public assess the potential damages. They say health care providers could reduce data breach risks by focusing on securing information.
The study appears in the Annals of Internal Medicine.