More than 10 million US citizens become victims of fraud every year, most of it related to stolen identity. Just as disturbing is the fact that health insurance-related ID theft accounts for over a quarter of all reported identity theft cases, according to medical ID theft statistics.
This type of identity theft is very dangerous because others can use your healthcare credentials to pay for expensive medical services. You could thus find yourself tens of thousands of dollars in debt — and that’s not to mention all the time and paperwork required to resolve the issue.
Here you’ll learn more about this type of identity theft and find out just how big of a problem it is for the whole society and not only the individuals directly affected by it.
Top Medical ID Theft Statistics (Editor’s Choice)
- 3,256 data breaches occurred in the US healthcare sector 2005–2019
- 3.5 million people were the victims of the largest 2021 healthcare data breach
- In 2019, there were over 50 healthcare-related thefts of physical media and devices
- Due to unauthorized access, over 4.5 million records were compromised in 2019
- In 2019, healthcare data breaches affected over 35 million people
- Stolen medical data is 20–50 times more valuable than financial data
- A fifth of medical identity fraud victims experience misdiagnosis and mistreatment
- On the Dark Web, medical records can be sold for $250 apiece
General Medical ID Theft Statistics
This set of stats will highlight the most important statistics on healthcare-related ID theft, which is one of the most common types of fraud in the US. You’ll also learn how identity theft and data breach stats affect the healthcare sector.
1. The healthcare sector has the highest cost per stolen record.
(Statista)
The average global cost per stolen record due to data breaches in the healthcare sector is $429, medical ID theft statistics reveal. In comparison, the cost per stolen record in the financial industry is $210, while the technology sector loses $183 per stolen record. Rounding out the top five are the pharmaceuticals and services sectors, both of which lose $178 on average.
2. Internal attacks are the most successful data breach type in healthcare.
(Statista)
Internal attacks are by far the most impactful in the healthcare sector, with a success rate of 66%. According to medical identity theft stats, hacker attacks are close behind with a success rate of 63%, while 56% of cases where health insurance information is published accidentally result in ID frauds. The theft of physical media (27%) and computers (17%) is also common.
3. Between 2005 and 2019, 3,256 data breaches occurred in the US healthcare sector.
(Statista)
In 2019, the US healthcare sector was the target of 525 successful data breaches. Looking at medical identity theft stats over the years, we can see that only 70 successful attacks were recorded just a decade earlier. This marks a staggering 650% increase between 2009 and 2019. The lowest number of breaches occurred in 2005, only 16, but the growth was inevitable due to technological advancements and the digitization of the healthcare sector.
4. The largest 2021 healthcare data breach impacted 3.5 million people.
(Health IT Security)
Medical identity theft statistics note that in 2021, health data breaches impacted more than 40 million people, and over 550 organizations reported such violations to HHS. The largest one happened in January and was reported by Florida Healthy Kids Corporation.
After a cyberattack happened to the health plan’s site, the personal information of millions who had enrolled in Florida KidCare or had applied for coverage 2013–2020 was exposed. That involved birth dates, financial data, Social Security numbers, names, and addresses.
5. In 2019, there were 303 hacking incidents in healthcare.
(HIPAA Journal)
Hacking statistics show that hackers carried out 303 medical records theft cases in 2019, which is the highest number in the last decade by a wide margin. In comparison, there were only 161 hacking incidents in 2018, marking an 88.2% increase year-over-year. The number of cases was significantly lower earlier in the decade, but that’s because providers didn’t have the technology to detect and fight hacker attacks promptly. As such, many attacks in the past lasted for months before being detected.
6. There were 54 healthcare-related thefts of physical media and devices in 2019.
(HIPAA Journal)
This number refers to the thefts of personal computers, tablets, and other devices that contain sensitive medical information. These medical identity theft cases were at a 10-year low in 2019. Interestingly, most such thefts in healthcare were recorded in 2013 and 2014 — 152 and 150 incidents, respectively. Since then, their number has been decreasing steadily, likely due to healthcare companies’ growing reliance on cloud storage instead of physical storage.
7. In 2019, more than 4.5 million records were compromised due to unauthorized access.
(HIPAA Journal)
Identity theft in healthcare hit its peak in 2019. That year, 147 cases of unauthorized access occurred due to employee error, negligence, or malicious insider attacks. All these incidents compromised more than 4.5 million medical records, marking a 10-year high.
Find out how to deter identity theft.
8. More than 35 million people were affected by healthcare data breaches in 2019.
(HIPAA Journal)
Hacker attacks and IT incidents left more than 35 million records compromised, according to medical identity theft statistics from 2019. Although higher than the previous three years, this is still well below the 2015 numbers — more than 110 million records were compromised that year.
9. A report reveals that almost 600 healthcare data breaches occurred in 2020.
(Bitglass)
That equated to a 55% rise from the previous year. Moreover, the average cost per breach grew by around 10%. In other words, it was $429 in 2019 and reached $499 in 2020. On top of that, it took 236 days for an average healthcare firm to recover from the breach.
Statistics on Medical Identity Theft Cases
Millions of identity theft cases occur in the US every year. As already said, more than one-quarter of those involve the theft of another person’s health insurance credentials. In this set of stats, we’ll see how often this type of identity theft happens and how much it costs.
10. Compared to financial data, stolen health info is 20–50 times more valuable.
(IDX)
When someone steals another person’s medical information, they may use this medical identity theft to their advantage in several ways.
Namely, they may ask to receive medical treatment, get health services, or fill prescriptions. Furthermore, perpetrators may try to ask for payout by submitting pretenses to health insurance firms.
11. On average, a victim of medical identity theft pays $13,500 to resolve the problem.
(IDX)
There has not only been an increase in the cyber attacks against healthcare companies, but also in medical identity theft, as per medical identity theft stats. You’ve learnt how much that sets the victim back.
However, the victims aren’t the only ones feeling the impact of this criminal action. In fact, medical identity theft costs the healthcare industry around $30 billion annually.
(Statista)
The survey was conducted to check the willingness of Americans to share their personal medical data intended for research and health care.
In addition, around 72% of them stated they would share their data so that experts could better understand diseases and find new ways of preventing and treating them.
13. 20% of medical identity fraud victims experience misdiagnosis and mistreatment.
(Center for Victim Research)
Healthcare ID thefts don’t just affect the victims financially — healthcare fraud and abuse can also have a severely negative effect on their health. According to a study by the Ponemon Institute, 20% of victims experience misdiagnosis and mistreatment due to incorrect information in their medical records. Many have also experienced delayed care, which could sometimes have a fatal outcome.
14. Medical records are worth $250 apiece on the Dark Web.
(Trustwave)
According to a report on medical identity theft from 2019, medical records are worth up to $250 on the Dark Web. Their price has dropped in recent years due to the increased number of data breaches in the healthcare sector and the growing availability of stolen medical records.
Conclusion
Identity theft is one of the most prevalent crimes in the 21st century. Hackers commonly attack healthcare providers and insurers to steal medical records and sell them on the Dark Web. Considering that cybercriminals generate revenues of $1.5 TRILLION annually, they are not likely to stop doing it.
These statistics show you just how far-reaching and serious this problem is today. But the rise in healthcare ID theft shows no sign of stopping. On the contrary, it’s expected to continue growing along with the number of people who need services their insurance policy doesn’t provide. If you become a victim, here is how to file a report for identity theft.
People Also Ask
Healthcare ID theft occurs when somebody gains access to sensitive personal information, such as your name and social security number. They can use this information to pay for expensive medical services and treatments without your consent. Hackers who carry out successful attacks against healthcare providers and insurance companies steal thousands of medical records at once. They then sell them on the Dark Web, where one record costs up to $250.
This type of identity theft has become one of the most common crimes in the US, directly affecting close to 100,000 people every year. According to the Federal Trade Commission (FTC), 2019 saw a 101% increase in the number of healthcare ID theft cases. What’s more, healthcare identity theft accounted for more than a quarter of all reported ID thefts in 2018.
Although there’s no way to keep your personal information completely secure, you can still take some steps as a precaution and possibly prevent the theft of your medical information.
Firstly, if your insurance identification card is stolen or missing, you need to report it and ask for a new one. Secondly, you can’t share your personal health information with anyone, especially companies claiming to offer free services or products.
Never share your personal information via phone or email unless you’re sure the other party isn’t a scammer. Choose only companies that are guaranteed to offer the best identity theft protection if you plan to avail of such services.
Identity theft crimes have experienced a significant rise in the last few years. According to the FTC, US citizens filed 650,072 reports of stolen identity in 2019. This number accounted for 20% of all fraud reports received by this institution. It is safe to assume that many more cases went unreported, likely because the victims are still unaware their identity has been stolen.
One of the most affected groups by identity theft are victims aged between 40 and 69. Research shows that people aged 40–49 file about 15% of all ID theft reports, while those in the 50–59 brackets account for 24% of all submitted reports. Military personnel is also a high-risk group because they use their social security numbers for identification. College students are 400% more likely than others to have their identity stolen by friends, medical ID theft statistics reveal.
