More than 10 million US citizens become victims of fraud every year, most of it related to stolen identity. Just as disturbing is the fact that health insurance-related ID theft accounts for over a quarter of all reported identity theft cases, according to medical ID theft statistics.
This type of identity theft is very dangerous because others can use your healthcare credentials to pay for expensive medical services. You could thus find yourself tens of thousands of dollars in debt — and that’s not to mention all the time and paperwork required to resolve the issue.
Here you’ll learn more about this type of identity theft and find out just how big of a problem it is for the whole society and not only the individuals directly affected by it.
Top Medical ID Theft Statistics (Editor’s Choice)
- Between 2005 and 2019, 3,256 data breaches occurred in the US healthcare sector.
- The largest healthcare data breach happened in 2015.
- There were 54 healthcare-related thefts of physical media and devices in 2019.
- In 2019, more than 4.5 million records were compromised due to unauthorized access.
- More than 35 million people were affected by healthcare data breaches in 2019.
- 23% of people say they knowingly shared their medical information.
- 20% of medical identity fraud victims experience misdiagnosis and mistreatment.
- Medical records are worth $250 apiece on the Dark Web.
General Medical ID Theft Statistics
This set of stats will highlight the most important statistics on healthcare-related ID theft, which is one of the most common types of fraud in the US. You’ll also learn how identity theft and data breach stats affect the healthcare sector.
1. The healthcare sector has the highest cost per stolen record.
The average global cost per stolen record due to data breaches in the healthcare sector is $429, medical ID theft statistics reveal. In comparison, the cost per stolen record in the financial industry is $210, while the technology sector loses $183 per stolen record. Rounding out the top five are the pharmaceuticals and services sectors, both of which lose $178 on average.
2. Internal attacks are the most successful data breach type in healthcare.
Internal attacks are by far the most impactful in the healthcare sector, with a success rate of 66%. According to medical identity theft stats, hacker attacks are close behind with a success rate of 63%, while 56% of cases where health insurance information is published accidentally result in ID frauds. The theft of physical media (27%) and computers (17%) is also common.
3. Between 2005 and 2019, 3,256 data breaches occurred in the US healthcare sector.
In 2019, the US healthcare sector was the target of 525 successful data breaches. Looking at medical identity theft stats over the years, we can see that only 70 successful attacks were recorded just a decade earlier. This marks a staggering 650% increase between 2009 and 2019.
The lowest number of breaches occurred in 2005, only 16, but the growth was inevitable due to technological advancements and the digitization of the healthcare sector.
4. The largest healthcare data breach happened in 2015.
Medical identity theft statistics show that the attack on insurance provider Anthem, Inc. in 2015 was the largest data breach in healthcare history, having affected over 78.8 million people. The second-largest data breach happened in 2019 and compromised more than 26 million records, while the Premera Blue Cross attack in 2015 was the third-largest with 11 million records stolen.
5. In 2019, there were 303 hacking incidents in healthcare.
Hackers carried out 303 medical records theft cases in 2019, which is the highest number in the last decade by a wide margin. In comparison, there were only 161 hacking incidents in 2018, marking an 88.2% increase year-over-year.
The number of cases was significantly lower earlier in the decade, but that’s because providers didn’t have the technology to detect and fight hacker attacks promptly. As such, many attacks in the past lasted for months before being detected.
6. There were 54 healthcare-related thefts of physical media and devices in 2019.
This number refers to the thefts of personal computers, tablets, and other devices that contain sensitive medical information. These medical identity theft cases were at a 10-year low in 2019. Interestingly, most such thefts in healthcare were recorded in 2013 and 2014 — 152 and 150 incidents, respectively. Since then, their number has been decreasing steadily, likely due to healthcare companies’ growing reliance on cloud storage instead of physical storage.
7. In 2019, more than 4.5 million records were compromised due to unauthorized access.
Identity theft in healthcare hit its peak in 2019. That year, 147 cases of unauthorized access occurred due to employee error, negligence, or malicious insider attacks. All these incidents compromised more than 4.5 million medical records, marking a 10-year high.
8. More than 35 million people were affected by healthcare data breaches in 2019.
Hacker attacks and IT incidents left more than 35 million records compromised, according to medical identity theft statistics from 2019. Although higher than the previous three years, this is still well below the 2015 numbers — more than 110 million records were compromised that year.
9. For-profit hospitals are less likely to experience data breaches.
(The American Journal of Managed Care)
According to a study conducted between 2009 and 2016, teaching and pediatric hospitals are most likely to experience a data breach. Additionally, larger hospitals with more than 400 beds are also very vulnerable and considered the primary targets for hacker attacks.
Statistics on Medical Identity Theft Cases
Millions of identity theft cases occur in the US every year. As already said, more than one-quarter of those involve the theft of another person’s health insurance credentials. In this set of stats, we’ll see how often this type of identity theft happens and how much it costs.
10. More than 87,000 Americans had their medical credentials stolen in 2018.
The rise in healthcare ID theft cases in the last few years is evident, and it shows no signs of slowing down anytime soon. In 2018, there were 87,765 medical identity theft incidents reported, accounting for more than a quarter of all reported ID theft cases that year.
11. 65% of healthcare ID theft victims paid $13,500 for fraudulent bills in 2013.
(Center for Victim Research)
According to a 2013 study, healthcare ID theft victims had to pay an average of $13,500 to resolve the crime. Apart from the costs directly related to the health insurance identity theft they experienced, they also had to pay legal counsel and identity providers to confirm their identities.
12. 23% of people say they knowingly shared their medical information.
A 2014 study found that about half of all healthcare ID theft cases happen inside the family. In most cases, people are unaware that a relative is using their credentials to access medical services they wouldn’t have access to otherwise.
However, 23% of those who have experienced medical ID theft admitted to knowingly sharing their credentials with friends or relatives.
13. 20% of medical identity fraud victims experience misdiagnosis and mistreatment.
(Center for Victim Research)
Healthcare ID thefts don’t just affect the victims financially — they can also have a severely negative effect on their health. According to a study by the Ponemon Institute, 20% of victims experience misdiagnosis and mistreatment due to incorrect information in their medical records.
Many have also experienced delayed care, which could sometimes have a fatal outcome.
14. Medical records are worth $250 apiece on the Dark Web.
According to a report on medical identity theft from 2019, medical records are worth up to $250 on the Dark Web. Their price has dropped in recent years due to the increased number of data breaches in the healthcare sector and the growing availability of stolen medical records.
Identity theft is one of the most prevalent crimes in the 21st century. Hackers commonly attack healthcare providers and insurers to steal medical records and sell them on the Dark Web.
These statistics show you just how far-reaching and serious this problem is today. But the rise in healthcare ID theft shows no sign of stopping.
On the contrary, it’s expected to continue growing along with the number of people who need services their insurance policy doesn’t provide.
Frequently Asked Questions
What is medical identity theft?
Healthcare ID theft occurs when somebody gains access to sensitive personal information, such as your name and social security number. They can use this information to pay for expensive medical services and treatments without your consent.
Hackers who carry out successful attacks against healthcare providers and insurance companies steal thousands of medical records at once. They then sell them on the Dark Web, where one record costs up to $250.
Is medical identity theft common?
This type of identity theft has become one of the most common crimes in the US, directly affecting close to 100,000 people every year. According to the Federal Trade Commission (FTC), 2019 saw a 101% increase in the number of healthcare ID theft cases.
What’s more, healthcare identity theft accounted for more than a quarter of all reported ID thefts in 2018.
How can you protect yourself from medical identity theft?
Although there’s no way to keep your personal information completely secure, you can still take some steps as a precaution and possibly prevent the theft of your medical information.
Firstly, if your insurance identification card is stolen or missing, you need to report it and ask for a new one. Secondly, you can’t share your personal health information with anyone, especially companies claiming to offer free services or products.
Never share your personal information via phone or email unless you’re sure the other party isn’t a scammer. Choose only companies that are guaranteed to offer the best identity theft protection if you plan to avail of such services.
How many people’s identities are stolen each year?
Identity theft crimes have experienced a significant rise in the last few years. According to the FTC, US citizens filed 650,072 reports of stolen identity in 2019. This number accounted for 20% of all fraud reports received by this institution.
It is safe to assume that many more cases went unreported, likely because the victims are still unaware their identity has been stolen.
Which is the most common age group for victims of identity theft?
One of the most affected groups by identity theft are victims aged between 40 and 69. Research shows that people aged 40–49 file about 15% of all ID theft reports, while those in the 50–59 brackets account for 24% of all submitted reports.
Military personnel is also a high-risk group because they use their social security numbers for identification. College students are 400% more likely than others to have their identity stolen by friends, medical ID theft statistics reveal.