Medical data breach

A medical data breach is a data breach of health information, and could include either the personal health information of any individual's electronic health record or medical billing information from their health insurance.

Black market for health data

In February 2015 an NPR report claimed that organized crime networks had ways of selling health data in the black market.^[1]

In 2015 a Beazley Group staffperson estimated that medical records could sell on the black market for US$40-50.^[2]

Theft, data loss, hacking, and unauthorized account access are ways in which medical data breaches happen.^[3]

In 2015, Anthem Inc. lost data for 37 million people in the Anthem medical data breach
In 2011 4.9 million users of Tricare services had their data stolen due to an employee error by Science Applications International Corporation^[4]
In 2014 4.5 million people using Complete Health Systems had their data stolen^[4]
In 2013 4 million people using Advocate Health and Hospitals Corporation had their data stolen^[4]
In 2011 1.9 million people using Health Net had their data stolen^[4]
In 2013-14 1 million people using Montana Department of Public Health and Human Services had their data stolen^[4]
In 2011 1 million people using Nemours Foundation had their data stolen^[4]
In 2009 1 million people using BlueCross BlueShield of Tennessee had their data stolen^[4]
In 2010 6800 people using New York-Presbyterian Hospital and Columbia University Medical Center had their data breached. In response, those organizations agreed to pay the United States Department of Health and Human Services a US$4.8 million dollar fine.^[5]

Companies in the United States are legally required to report data breaches to the United States Federal Government.

↑ Shahani, Aarti (13 February 2015). "The Black Market For Stolen Health Care Data : All Tech Considered : NPR". npr.org. Retrieved 17 February 2015.
↑ Abelson, Reed; Goldstein, Matthew (5 February 2015). "Anthem Hacking Points to Security Vulnerability of Health Care Industry". The New York Times (New York: NYTC). ISSN 0362-4331. Retrieved 17 February 2015.
↑ Millman, Jason (19 August 2014). "Health care data breaches have hit 30M patients and counting". The Washington Post (Washington DC: WPC). ISSN 0190-8286. Retrieved 17 February 2015.
↑ 4.0 4.1 4.2 4.3 4.4 4.5 4.6 Fischer, Kristen (28 September 2014). "The 7 Biggest Health Data Breaches in the US (So Far)". healthline.com. Retrieved 17 February 2015.
↑ staff (8 May 2014). "Columbia Medical Center, Hospital To Pay $4.8M Fine for Data Breach - iHealthBeat". ihealthbeat.org. California HealthCare Foundation. Retrieved 17 February 2015.

Breach Notification Rule, a policy of the United States government requiring that data breaches be reported