Technology has left an indelible imprint on health caredelivery, improving the accuracy and accessibility of patientinformation, but what about the risks? Consider the followingscenarios:

• A hospital nurse lost an iPad containing the names, socialsecurity numbers, medical conditions and other protected healthinformation for 25,000 patients vaccinated against the flu.

• A physician group gave its billing company the names and healthcare spending account numbers of 450 patients. The billing companyaccidentally posted these files on its public website, where theyremained until a patient saw the information. 

• A physician office's server, which contained unencryptedinformation on 2,500 patients, was hacked and encrypted. Thehackers demanded $50,000 to unencrypt the information and returncontrol of the server.

Stories like these are a reminder that not all data breaches arecreated equal. Health care organizations have access to sensitivedata regarding not only patients' finances, but on their health aswell. Unfortunately, while health care data breaches are morepersonal in nature, they're also more common than most peoplethink.

The numbers paint a startling picture:

• Medical identity theft is more lucrative than creditcard theft. According to PhishLabs, a provider ofcybercrime protection and intelligence services, stolen healthcredentials are worth about 10 to 20 times that of a U.S. creditcard number.
• Forty-three percent of all identity theft is caused bymedical records theft,according to a credit.comarticle, "Nearly Half of Identity Thefts Involve MedicalData."
• The cost of a health care data breach averages $316 perrecord, well above the $201 perrecord for all industry segments combined, according to the PonemonInstitute's "2014 Cost of Data Breach Study."

For patients whose medical identity is stolen, the costs rangefar beyond the challenge of repairing medical records. Patients'credit ratings can be damaged. Their health insurance policiescould potentially be cancelled or their premiums increased. Worseyet, if the person who stole the medical identity changes theexisting medical information, an individual's health could be atrisk.

For health care organizations responsible for safeguardingprotected health information, the costs of addressing a breachrange from notification and crisis management costs to potentiallegal action.