Millions of medical records are stolen each year. But some are sold, and the price tag is almost insulting.

One in five healthcare workers say your personal data is worth between $500 and $1,000, says a poll.

Another 24 percent know someone at work who’s selling their patients’ information, according to solutions company Accenture.

“Health organizations are in the throes of a cyber war that is being undermined by their own workforce,” says John Schoew, leader of Accenture’s North American health and public service security practice. “With sensitive data a part of the job for millions of health workers, organizations must foster a cyberculture that addresses these deeply rooted issues so that employees become part of the fight, not a weak link.”

And that’s just the most egregious of cybersecurity flaws in the healthcare industry.

Healthcare cyber warfare

Hospitals and doctor’s offices had to spend $12.5 million each, on average, last year. Employees selling confidential information is arguably the most malicious mistake made. But, there are many others that put you at risk.

Eighty-eight percent of healthcare workers are trained not to hand write their username and password credentials. And if they do, avoid leaving them next to work computers. However, 17 percent still do. Even worse, those who frequently receive cybersecurity training are more likely to. A quarter (24 percent) of regularly trained healthcare workers make that mistake.

Those are just problems from inside the healthcare industry. Patients still need to be concerned with outside threats.

McAfee, a cybersecurity company tracks more than 478 new cyber threats per minute, according to its latest threats report. The healthcare industry experienced a 211 percent increase in cybersecurity incidents last year alone.

Weak medical software, and lack of security efforts contribute to incidents in the healthcare industry, McAfee says.

“Healthcare is a valuable target for cybercriminals who have set aside ethics in favor of profits,” says Christiaan Beek, McAfee lead scientist and senior principal engineer. “Both health care organizations and developers creating software for their use must be more vigilant in ensuring they are up to date on security best practices.”

But, where is medical identity theft most often to happen?

For a limited time, try our identity protection free for 30 days!

Get Started

The most vulnerable

In 2016, there were 16 million patient records stolen in the U.S., according to a study published in the The American Journal of Managed Care (AJMC).

Medical education, pediatric hospitals and large hospitals — with more than 400 beds experience more data breaches, than privately owned, for-profit hospitals, the study says. There were 215 data breaches in 185 urgent and acute care clinics, that affected 500 or more people, AJMC’s study says.

Hospitals with data breaches versus those without 

This shows how frequently some hospitals are hacked. 

  • Teaching hospitals: 16 percent with a breach vs. only 3 percent without a breach
  • Pediatric hospitals: 6 percent with a breach vs. 2 percent without a breach
  • Larger hospitals: 26 percent with a breach vs. 10 percent without a breach
  • Private for-profit hospitals: Only 15 percent vs. 22 percent without a breach

The use of electronic health records contributes to 19 data breaches, affecting 44,805 people. Lost or stolen laptops from hospitals contribute to more than double the incidents, with 51 data breaches that affected 380,699 people.

Throughout the 7-year long study, researchers noted that hospitals spent more money updating their electronic health records systems. However, hospitals neglected to invest in increasing cybersecurity efforts. They also noted that hackers shifted interests from selling data, to threatening to shut down online systems in hospitals by holding data for ransom.

Which is interesting. As McAfee has pointed out, Ransomware cases increased by almost 60 percent last year.




Meet the Author

Joe Pye

Joe Pye

Associate editor

Pye is the associate editor of


health, identity theft

Related Posts

Article last modified on April 17, 2018 Published by, LLC . Mobile users may also access the AMP Version: Healthcare Workers Might Sell Your Personal Data - AMP.