Organizations like the Identity Theft Resource Center track data breaches and identity theft crimes throughout the year in order to establish a clear picture of how these issues affect consumers. Year after year, record-setting numbers of data breaches and compromised consumer records continue to plague every sector of industry, but nothing may have been more surprising than this:

In July, more than 860,000 patients’ medical records were compromised in data breaches.

You read that right: 860,000 patient records. The data breaches that resulted in the loss of records came from a variety of sources and methods, and not all of the affected records led to individual harm. The result; however, is nearly one million people whose information was in some way exposed.

What’s interesting about the events that compromised so many records is the different ways they happened. Improper disposal of records, something that has been happening for decades, may have affected more patients than any other mechanism, even the supposedly high-tech kinds like hacking or ransomware. It’s alarming that more than 300,000 patients’ records were exposed through improper disposal, yet only two reported improper disposal events were uncovered in July.

Hacking or other cybercrimes—arguably the more commonly thought of method of data breaches, at least in the minds of the public—were only responsible for just over 200,000 stolen records. Except for a couple of incidents involving health insurance providers or vendors, most of the 18 separate intentional breaches targeted the networks of healthcare providers themselves.

Accidental exposure of records is an issue that has weighed on nearly every kind of industry in the past few years, and the healthcare sector was no different. Last month, more than 200,000 patient records were exposed when a database of information from one state was left accessible on the internet. Of course, it’s irresponsible to overlook the potential exposure that happens when someone misplaces a USB drive or reports a stolen laptop. That single missing laptop was responsible for the exposure of almost 5,000 patient records in one event.

So what does this mean for patients? It means you could expect a notification letter or email to show up in the near future, providing you with step-by-step instructions on how to take action if your records were exposed. It also means you need to monitor your sensitive accounts carefully and be on the lookout for medical bills or insurance claims that you didn’t file in case an unauthorized person uses your identity.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.