May 5, 2016

Content from the Brookings-Tsinghua Public Policy Center is now archived. Since October 1, 2020, Brookings has maintained a limited partnership with Tsinghua University School of Public Policy and Management that is intended to facilitate jointly organized dialogues, meetings, and/or events.

The frequency and magnitude of privacy breaches have trended upward in recent years. According to statistics from the Identity Theft Resource Center, data breaches are more likely to happen in the health care industry than any other sector. Experian predicts that this sector will continue to experience an increasing volume of hacking attacks in 2016.

On average, two breach incidents occur per 1,000 physicians. Privacy breaches occur most frequently in Maine, at four times more than the national average, while Wyoming and Montana rank second and third with breach incident rates at triple the national average.

Why do such incidents happen so frequently in the health care sector and how could they be prevented?

To answer these questions, I talked with key personnel at twenty-two different hospitals, insurers, and business associates that had experienced a breach incident over the last two years. A new report synthesizes the lessons learned from those incidents and highlights the unique vulnerabilities of the health care system to privacy breaches. The report lays out the following recommendations on how government action in the short run and a cyber-insurance market in the long run can provide a remedy for the current problem and ensure the privacy of patients.