Identity Theft Within the Medical Industry

WVEC.com posted an article from USA Today about the rise of identity theft within the medical industry. With everything moving towards being digitally and online-based, hackers are becoming an even more prevalent part of security and privacy concerns. According to a study done by the Ponemon Institute, the healthcare industry accounted for 44% of data breaches in 2013.  Another survey found that 90% of healthcare organizations polled had experienced a data breach within the past two years, and as many as 38% had up to five security breaches in that time. The FBI has already warned that the healthcare industry is a big target of identity thieves and that the security measures currently in place are “not adequate to meet the threat.”

Community Health Systems (a hospital chain) recently announced that approximately 4.5 million of their patients’ information was hacked by Chinese thieves using a flaw in the same encryption security technology that is used by almost two-thirds of all websites. It was announced earlier this year that the Affordable Care Act’s (“ACA”) website had been hacked – and that’s not the only problem with this program. The ACA uses government agencies and private contractors to help people sign up (they call these helpers Navigators), but as most states don’t require criminal background checks on them, this means virtually anyone has access to millions of peoples’ personal information. Connecticut recently disclosed that a Navigator’s backpack was found left on a street containing information on 400 ACA enrollees, including names, social security numbers, and birthdates.

Many doctor’s offices now use “Patient Portal,” where not only you, but also doctors in different offices, can access your medical information online. This makes their job much easier (and saves you time having to fill out the same paperwork at every office), but it also makes your information more vulnerable to hackers than traditional paper files kept in one office. What controls are in place for who has access to the information? There are numerous problems that can occur when your medical information is hacked. Medical bills can accrue that you’re stuck paying for, which can lead to problems with your credit score. Your medical records can get mixed up with those of the identity thief, which could be dangerous if allergies or blood types get mixed up. You may not be able to use your health care coverage if someone else is using it under your name.

Luckily there are a few things you can do to prevent, or at least mitigate, the damage if this happens to you. While many doctor’s offices will ask for your social security number, the only reason they really need it is so they can collect on any unpaid bills. Ask if they will take your driver’s license number instead. Shred paperwork containing personal information that you don’t need anymore. This will keep dumpster divers from getting a hold of it. Carefully examining your “explanation of benefits” to make sure you actually received all the items/procedures you’ve been billed for, and checking your medical history for errors on a regular basis will also help you find any problems quickly. Never give any information out over the phone unless you were the one who called the doctor or insurance company. Scammers call and claim to be employees of the doctor or insurance company in order to get your information.

If you suspect someone has stolen your medical information, contact your medical and insurance provider to report and begin resolving this often-complicated problem.  If it ends up on your credit report, call us and we can assist in clearing up those issues.