We’ve all heard the horror stories. Criminals strike from the shadows, stealing personal information and gaining access to our accounts, our contact information, and our medical records. We’re talking about identity theft—specifically medical identity theft.
According to the Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data by the Ponemon Institute, the major cause of sensitive data compromise for the past few years had been the theft or loss of electronic devices. But in 2014 a shift occurred, after which the majority of medical identity theft incidents resulted from a direct cyber-attack. This trend continues, and these days more than 90 percent of healthcare organizations have lost data to hackers at least once in the past two years.
Hackers have found that medical institutions are easier to crack than financial institutions. In the financial sector, more effort has been put forth to protect accounts against intrusion and exploitation by hackers, thieves, and even terrorists.
Consequently, the financial sector has developed a hardened cyber-defense compared to the medical sector. The fact that medical institutions present a softer target, combined with the high potential payoff to thieves of gaining individuals’ sensitive personal information, has silhouetted the health care sector as the prime target for cyber-attack.
When criminals steal someone’s personal medical data, they gain access to social security numbers, address and phone number, and things like credit history and credit accounts. They may also have the ability to change your personal information. For example, a criminal might apply for a new credit card and have it sent to a different address. If they gain access to a person’s drug prescriptions, they may be able to purchase prescription drugs in the victim’s name. Worse yet, the criminal could change information in a victim’s records, such as identified allergies or blood type.
One victim of identity theft, Mary, describes her ordeal. She says that her medical records were compromised during her treatment for a serious illness at one of the nation’s most prestigious hospitals. The thief used her social security number and other personal information to gain control of her credit card accounts. The speed with which the thief acted amazed the victim, and by the time she gained control of the situation, she had lost thousands of dollars. Months later, she had trouble with the Internal Revenue Service stemming from cross-contamination of her identity with that of the thief. She has no idea whether the security breach resulted from a stolen computer at the hospital, a disgruntled employee, or at the hands of a hacker. Two years later, she’s still trying to clear things up with the IRS. Not surprisingly, she says, “It’s a nightmare. Nothing I do seems to make it go away.”
“They may also have the ability to change your personal information.”
What can we do to protect ourselves against threats we can’t control? We have no choice in today’s high-tech society but to rely on others to manage our personal medical information. However, we can take certain precautions to mitigate the risk of medical identity theft. Criminals always choose the softest target. When we take personal data security seriously, we can make our accounts look like a well-lit house with bars on the windows. If thieves don’t see an easy way in, they’ll move on down the street.
- Keep a sharp eye on your finances. You need to know about it right away if a criminal gains access to one of your accounts. Look for transactions that don’t make sense, and question the account or records custodian. If you live in Texas, and someone just used your credit card to buy a tank of gas in Idaho, it’s time to sound the alarm. Less obviously, if you find prescriptions in your record for drugs you don’t use, or if unfamiliar addresses or phone numbers appear, look into it. It could be a simple clerical error, or it could mean a struggle for your identity is around the corner.
- Review your medical records. We can’t control luck, but we can take steps to improve our chances of avoiding medical identity theft. When was the last time you reviewed your medical records? Go ahead and take that trip into the past. Relive all your most unpleasant injuries and illnesses. You may find something you don’t recognize. It might not even be fraud. Patients with similar names can have their information mixed up. In any case, it’s worth correcting.
- Read over your medical insurance provider’s explanation of benefits. It tells you what to expect, and it may be the first tip-off that someone is using your benefits without your knowledge.
These days, it seems like everyone wants our social security number and a credit card number to “keep on file.” Sometimes, depending on what type of business we’re doing, it’s necessary. Sometimes it’s not. When asked for sensitive information, ask why. It’s your data. It’s your identity.