The Horse is Already Stolen

When discussing health identity protection, one of the first things that comes to mind is the old proverb reminding us we are foolish to lock the barn door to safeguard a stolen horse. The damage is already done; now we need to focus on recovering the horse. Of course, when it comes to health data breaches, it’s not just a single “horse.”

Consider this: The Anthem and Premera Blue Cross data breaches involved over 90 million Americans – just under a third of the overall U.S. population of 321 million people.1 2 3 Add to that figure the 2015 breaches at Partners Healthcare, Saint Agnes Health Care, Seton Health Care Family and St. Vincent Health Care System, among many others, in only the first half of 2015! 4 A recent study predicted that cyber-attacks over the next five years may cost the US health care industry $305 billion in cumulative lifetime revenue, leaving one in 13 patients – or an additional 25 million individuals – victims of data theft by 2020. Further, while taking a proactive approach to cybersecurity can increase a provider’s ability to prevent attacks by an average of 53%, to date few providers adopted such methods. 5 Given these statistics, we could predict that 100% of Americans will be victims of health identity theft at some time in the not too distant future. Meanwhile, health care providers and payers report significant increases in security spending. 6 While compared to other industries the health care still underfunds cyber security, we do commit an average 3% of our health care Information Technology (IT) budgets to security. 7

Of course, health care is not alone or unique when it comes to data breaches. In 2014 alone, hacker intrusions across multiple industries exposed personal information of 110 million Americans – roughly half of the nation’s adults, including myself. 8 Health care is unique, however, for at least three reasons. One, we suffer from a soaring hack rate. Two, health care data has the highest black market value for stolen identities. Three, compared to other industries we face the largest post-breach remediation cost. 9



  1. Riley, C. Insurance Giant Anthem Hit by Massive Data Breach, CNN Money (website). Accessed June 12, 2015
  2. Premera Security Breach Exposes 11 Million Customers, King 5 News, March 17, 2015.
  3. U.S. and World Population Clock, United States Census Bureau (website). Accessed June 10, 2015
  4. Health Care Organizations Report Data Breaches Affecting Thousands, May 4, 2015. iHealthBeat (website). Retrieved from:
  5. Hall, Susan D, October 15, 2015. Cyberattacks threaten $305B in cumulative lifetime revenue in next 5 years. FierceHealthIT (website). Retrieved from: Accessed October 28, 2015
  6. Managing Cyber Risks in an Interconnected World, Key findings from The Global State of Information Security® Survey 2015, PwC, 2014. Retrieved from:
  7. Health Care Organizations Underfunding Cybersecurity Efforts, June 3, 2015. iHealthBeat (website). Retrieved from:
  8. Pagliery, Jose, May 28, 2014. Half of American Adults Hacked this Year, The Cybercrime Economy, CNN Money (website). Accessed June 10, 2015
  9. 2015 Cost of Data Breach Study: United States, Ponemon Institute, May 27, 2015
Series NavigationThe Total Impact of Theft >>
Posted on December 11th, 2015 in Innovating Health Care IT
Tags: , , , , , , , , , . Bookmark the permalink.