How to Protect Your Health Data in Case of a Breach

Imagine someone has broken into your house and stolen your passport, driver’s license, SSN, credit cards and medical records. Now think for a moment: all this information is scattered around the internet, in digital form. Your medical history is accessible on your doctor’s laptop, your credit card numbers are on the various websites where you shop online, your SSN is on your insurance company’s system, your passport data is on a travel agency server, and your private conversations are on social media apps. They are left on several virtual “tables,” and the risk is that someone breaks in and grabs them.

The safety of much of this info is the responsibility of the systems’ owners, but you could do something to protect yourself.

This guide focuses on health data protection and aims to help you avoid falling victim to medical identity theft, as health data breaches are on the rise.

Medical identity theft is the fraudulent use of an individual’s personally identifiable information (PII) and protected health information (PHI), including name, Social Security number, or health insurance number, to receive medical treatment, devices, prescriptions, or other health benefits. This can include submitting fraudulent claims to health insurance companies for financial compensation.

Feel free to apply the same principles and tools to protect all your sensitive information.

While there is no bulletproof solution to keep your data breach-free, knowing when and how to respond to a data breach can go a long way in preventing financial damages and speeding up your recovery process.

You cannot save the world from hackers, but you can fight them with the best identity protection solutions.

Medical identity theft is more common than you think

In 2021, data breaches at US healthcare organizations due to Hacking/IT impacted 43,096,956 patient records. (The 2022 Healthcare Cyber Trend Research Report)

US government data shows that the number of healthcare breaches in the first five months of 2022 has nearly doubled from the same period last year.

Millions of Americans have been hit by breaches involving health information. The largest healthcare breach reported so far hit Shields Health Care Group, which offers imaging and outpatient services throughout New England.

Two million patients from nearly 60 healthcare providers were recently informed that their data was stolen after the hack of a third-party vendor. The data may have involved information such as names, Social Security numbers, dates of birth, addresses, and other information.

Health data breaches in the first half of 2022 also hit Broward Health (1.35 million people affected), Texas Tech University Health Sciences Center (1.29 million people affected), and Baptist Medical Center and Resolute Health Hospital (1.24 million people), to name a few.

But health data breaches aren’t just an American problem.


France

Personally identifiable information of more than 500,000 French citizens was stolen from the Caisse Nationale de l’Assurance Maladie (CNAM) after criminals gained access to healthcare professional accounts. Stolen data includes names, dates of birth, gender, Social Security numbers, and levels of reimbursement.


Germany

According to the German federal government, the number of successful cyber attacks on German health service providers deemed to be operating critical infrastructure more than doubled in 2020 from 2019. An incident in September 2020 made headlines:

  • 30 servers of the Dusseldorf University Hospital were held to ransom.
  • Scheduled surgery had to be canceled.
  • The emergency room was closed.

Reportedly, a woman died because her ambulance had to be redirected to another hospital.


United Kingdom

The NHS was one of the most high-profile organizations affected by the 2017 ‘WannaCry’ ransomware attack. The attack disrupted more than a third of English NHS Trusts, and almost 7,000 appointments were canceled.

Canada

Canadian healthcare service provider Scarborough Health Network (SHN) has warned that a data breach may have exposed patient healthcare records. The potentially exposed information includes patient names, birth dates, email addresses, home addresses, lab reports, diagnosis information, medical procedure details, insurance policy numbers, details of attending physicians, and more.

South Africa

Dis-Chem, the second-largest retail pharmacy in South Africa, has disclosed a data breach affecting over 3.6 million customers.

Dis-Chem explained that the data compromise occurred around April 28, affecting a third-party provider that manages one of its customer databases.

Following an internal investigation, Dis-Chem said an unauthorized party accessed the personal details of 3,687,881 customers, including names, email addresses, and cell phone numbers.

Why is Your Healthcare Data So Valuable?

Personal health information collected or created by healthcare entities is highly desired in the cybercriminal community.

Why? Because it is valuable. According to the Infosec Institute, credit card information and personal information sell for $1-$2 on the black market, but health data can sell for as much as $363. This is because a personal health history, including ailments, illnesses, surgeries, etc., can’t be changed, unlike credit card information or Social Security Numbers.

Your medical record is also valuable because criminals can use it to target you with extortion and blackmail attacks via email, phone, or text, taking advantage of your medical conditions. They can also use it to create fake insurance claims or to illegally gain access to prescriptions for their own use or resale.

Always keep an eye on your medical bills and review medical records for suspicious entries, or use a digital identity protection tool that does this for you. You should also be wary of unsolicited emails or suspicious messages and immediately notify your healthcare provider of unrecognized entries. Fraudulent charges or threats should immediately be reported to your local authorities.

The likely impact of a data breach on you

If someone finds your medical history, they can use it against you in multiple ways.

A thief could:

  • Use your name and perhaps your insurance information or Social Security number to obtain care.
  • Use your personal and health insurance information for medical treatment, prescription drugs or surgery.
  • Mess with your data. Your records could indicate a different blood type, an inaccurate medical history, false drug or alcohol abuse, test results that aren’t yours, or a diagnosis of an illness, allergy or condition you don’t have.

The results can be devastating:

  • You could receive bills for medical services you didn’t receive.
  • You could get an incorrect diagnosis or treatment — for example, if someone swiped your identity and changed details in your records.
  • You could be denied future claims by your health insurer, saying you exceeded your plan’s limits.
  • You could be denied insurance because your medical records show a condition you don’t have.
  • You could suffer loss of privacy and damage to your reputation.

Discovery time for 60% of data breaches is weeks or longer, according to the Verizon 2022 Data Breach Investigations Report.

For you, this means that it could be far too late by the time a company sends you an email telling you to change your passwords.

How worried should you be? Self-assessment tool (Yes | No)

While you can’t completely shield your health data, you can assess your risk of exposure by being aware of all the places this data went. Here are some examples to help you with that:

  • You store health information (insurance forms, prescriptions, or physician statements) on your computer or mobile device
  • You exchange emails with your doctor about your condition, treatment plans, medication, appointments
  • You share information about yourself in health-related online communities, social media groups, or messenger apps
  • You have taken an online health survey
  • You use apps or devices to monitor your heart rate, blood pressure, sugar levels, pill intake
  • You agreed for your medical records to be shared with third parties by your doctor.

The more “yes” answers you have, the more vulnerable you are in case of a health data breach.

What can you do to protect your healthcare data?

Your doctor uses tools to protect and secure your health information at their office. You can do the same at home.

Sticking to good security practices is free, and it pays off:

  • Watch out for unsolicited emails, suspicious links and attachments allegedly sent from hospitals, treatment centers and insurance companies
  • Never respond to requests seeking to confirm sensitive information such as passwords or payment information
  • Use unique, strong passwords and enable two-factor authentication on accounts
  • Do not respond to unsolicited telephone calls or urgent text messages asking for personal information
  • Contact your health insurance provider whenever in doubt using official channels only
  • Delete as many old, unused accounts as you can. The more sites that have your data, the greater the chances it will be exposed.
  • Find out now if your data has been breached with our Digital Identity Protection solution

Digital Identity Protection is the result of our expertise and knowledge from 20 years of providing award-winning security to customers around the world.

With DIP, you:

  • Discover what the Internet already knows about you
  • Find out if you were affected by a breach
  • Take control over your data by knowing what to do if it leaks and how to prevent it

What to do after a data breach:

  1. Don’t panic. Figure out what was stolen. Take a moment to read the data breach details to see what personal information was included.
  2. Change your password(s). Beware that every password must be unique. If you reuse a password, data breaches can give hackers access to every site you use that password on.
  3. If your financial information has been exposed (credit card or bank account), alert your bank to the possibility of fraud and monitor your statements for strange transactions.
  4. Notify your friends who might use the same service/app and warn them so they can take measures.

How can a Bitdefender Digital Identity Protection subscription help with your online privacy?

Bitdefender Digital Identity Protection continuously monitors your personal information and alerts you in real-time in case of a data breach. This way, you can change your passwords and secure your accounts to prevent financial loss or social media impersonation.

Find out now with Bitdefender’s Digital Identity Protection. With our dedicated privacy tool, you can:

  • Discover the extent of your digital footprint
  • Find your personal information online, in legal and illegal collections of data
  • Benefit from 24/7 data breach monitoring for up to five email addresses
  • Get instant alerts to new breaches and privacy threats
  • Detect social media impersonators who can ruin your reputation

Specifically for the US

When you want to protect not only your data but also the money in your accounts, get Bitdefender Identity Theft Protection.

How can Bitdefender Identity Theft Protection help you?

We combined advanced detection technology, real-time alerts, 24/7 US-based support, and identity recovery in a unique solution. It monitors your SSN, email address and phone numbers in places where they should not be listed (including the Dark Web) and alerts you to any changes in your address, court records in your name, and payday loans taken out in your name.

  • Monitors and detects. Continuous monitoring of your medical accounts, identity, privacy and credit.
  • Gives You Real-Time Alerts. When your information is at risk, you are rapidly notified.
  • Recover & reimburse. If you fall victim to identity theft, you have the support of our #1-rated experts and our insurance ranges from $1 million to $2 million, including reimbursement of stolen funds.

Don’t wait until it’s too late. Start protecting your digital identity today!