February 26, 2015 By Fran Howarth 3 min read

Health care fraud and health insurance fraud are growing problems. According to the latest report from the Ponemon Institute on patient data privacy and security, 90 percent of health care organizations have had at least one breach in the past two years.

The report estimates the average economic impact of breaches for such organizations over the past two years is $2 million per organization. The problem is growing: criminal attacks on health care organizations have increased by an estimated 100 percent since 2010, with employee negligence seen as the greatest security risk. A recent report by the Identity Theft Resource Center found that 42.5 percent of all recent breaches in the United States occurred in the medical and health care industry.

Health insurance fraud is another growing problem. If criminals obtain a person’s medical identity, they can use it to procure medical services or medicine via his or her insurance provision, a practice also known as billing fraud. According to an earlier Ponemon study, the average cost incurred in this type of insurance fraud is $18,660, which is far greater than the damage generally caused by simpler identity theft.

One particular type of fraud in the health care sector is “friendly fraud,” which Ponemon estimates amounts to more than 50 percent of all medical identity theft. In this type of fraud, someone uses the insurance card of a friend or relative in order to receive medical care. This type of fraud can have far-reaching consequences, since the impostor’s medical records will then be mingled with those of the insured person.

According to the FBI, health care fraud in the United States costs tens of billions of dollars per year. When combined with national health care expenditures, the total cost is estimated to exceed $3 trillion.

Digital Age Exacerbates Health Insurance Fraud Problem

Health care fraud and health insurance fraud become easier to conduct as more information is held and communicated electronically. Electronic health records are increasingly being used to store personal information such as test results and treatment plans. They can also store financial information such as credit card numbers. When this information is pieced together, the ability to commit various types of fraud increases.

According to IDC Health Insights, the health care industry is especially vulnerable to cyberattacks when compared to industries such as the retail and financial services sectors. This is primarily because the health care sector has historically invested less in IT, and security technology in particular. For example, many insurance companies lack systems to monitor networks in order to identify and respond to abnormal behavior or spot fraudulent transactions. This happens even though the health care sector is highly regulated in many countries. In the United States, health care providers and insurers must comply with the Health Insurance Portability and Accountability Act, which mandates that health care information be handled in a way that ensures individuals’ privacy is maintained. It also requires that victims be notified in the event of a breach.

Security Investments on the Rise, But More Needs to Be Done

Health care organizations are increasing their overall IT spending as a percentage of revenue in light of rising costs from cyberattacks and fraud. There are plenty of security technology options available that will vastly improve their overall resilience to security events. These include data governance and fraud management technologies, as well as technologies that help health care providers use electronic means to improve the services they offer to patients.

New technologies offer many advantages to health care providers and insurers to lower their operating costs and improve the standard of services they offer to patients, but they need to ensure they are also investing an adequate amount in security. With incidents of health care fraud and health insurance fraud rising rapidly, no provider in this industry can afford to be complacent.
