A new report from the medical security company Protenus finds that more than 41 million patient records were breached in 2019 in 572 hacking incidents.
Half of those breaches came in a single hack, of a company called American Medical Collection Agency, which served major companies like LabCorp and Quest Diagnostics.
“I’ve spoken to patients who have had their medical information stolen and they have had tens of thousands of dollars worth of procedures done under a false identity,” says Kira Caban, of Protenus. She adds that unlike other forms of identity theft, when someone steals a person’s medical information, it can literally be a matter of life or death.
“Now anytime this patient goes to the hospital, he has to double-check if they have the right blood type, if they have the right medical information, the right allergy information. And what happens if he's taken to the hospital incapacitated and can’t double check this information?” Caban says.
To avoid discrepancies, patients are advised to verify the information in that file is accurate from time to time, paying specific attention to things like blood type and drug allergies.
Also, patients are advised to avoid giving out their Social Security number to medical providers. That links the person’s medical records with the rest of their personal financial information.
Patients are also encouraged to ask their doctor about how their medical information is stored.
“Arming yourself with the information so you know what questions to ask your care providers can mean the difference between keeping your patient data secure and having those conversations, and having to deal with the aftermath of a data breach,” Caban says.