The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Information on this website may not be current. This website may contain links to other third-party websites. Such links are only for the convenience of the reader, user or browser; we do not recommend or endorse the contents of any third-party sites. Readers of this website should contact their attorney, accountant or credit counselor to obtain advice with respect to their particular situation. No reader, user, or browser of this site should act or not act on the basis of information on this site. Always seek personal legal, financial or credit advice for your relevant jurisdiction. Only your individual attorney or advisor can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, contributors, contributing firms, or their respective employers.
Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them. Compensation is not a factor in the substantive evaluation of any product.
If recent disclosures regarding the massive wave of breaches suffered by retailing icons Target, Neiman-Marcus and Sally Beauty haven’t scared you enough, try to wrap your brain around the new Ponemon Institute Patient Privacy and Data Security study. The study has found a 100% increase in criminal attacks on health care organizations since 2010. But if that weren’t enough, they also found something far more disturbing.
“Despite concerns about employee negligence and the use of insecure mobile devices, 88 percent of organizations permit employees and medical staff to use their own mobile devices such as smart phones or tablets to connect to their organization’s networks or enterprise systems such as email. Similar to last year more than half of (these) organizations are not confident that the personally-owned mobile devices or BYOD are secure.”
According to the report, very few organizations require their employees to install anti-virus/anti-malware software on their smartphones or tablets, scan them for viruses and malware, or scan and remove all mobile apps that present a security threat prior to allowing them to be connected their networks or systems.
I don’t know about you, but that scares me to death. Because we live in a time when breaches have joined death and taxes as the third certainty in life, this is foolhardy at best.
What should concern you about these findings (and several others in the report) is that assaults on health care systems don’t simply create the potential to have credit cards stolen or checks redirected: it’s that hackers are getting access to your health care data (“protected health information,” or “PHI” in regulatory speak), and the real world consequences of that are far more devastating.
Medical identity theft is on the rise, just as the rise in criminal breaches of health care providers is spiking. Medical identity theft accounted for 43% of all identity theft reported in 2013, and the U.S. Department of Health and Human Services estimates that somewhere between 27.8 and 67.7 million people’s medical records have been breached since 2009 (and that’s before the flawed rollout of the Affordable Care Act).
So what happens if a criminal gets his or her dirty little hands on your pristine medical records?
To some extent, it depends upon how much information you have shared with your doctor. While it goes without saying that your physician will have all the requisite contact and insurance information for billing, he or she might also have information that they don’t necessarily need to have such as your Social Security number, your family names and/or birthdays (which are often passwords or challenge questions for your bank, credit card and brokerage accounts) and even financial information that could be used to access your bank or credit card accounts.
Your name, address, Social Security number and family information can be used not only to access your existing financial accounts (either directly or via social engineering), but also to open new lines of credit in your name. This is why it’s important to check your free annual credit reports, as allowed by law. You can also monitor your credit by using a free tool like Credit.com‘s Credit Report Card, which updates two of your credit scores every month. Any unexpected change in your scores can signal identity theft.
On top of these financial risks, your medical records provide a veritable cornucopia of information that can be used in other ways. For instance, once a criminal has your personal and insurance information, he or she can use it or enable another to gain access to the health care system in your name, contaminating your medical records with his or their co-mingled information. Nothing is more dangerous than going to a hospital and having “your” medical records, as used by an identity thief or his/her customer, reflect an inaccurate blood type, medical history or the existence or absence of certain allergies as you are trying to access care, particularly in an emergency situation.
If an impostor uses your insurance to gain access to health care, it can also affect your own ability to access care: many insurance plans have yearly caps on certain types of care – and no insurance company is going to pay for “one person” to have an appendectomy twice. An identity thief with access to your insurance could drain your coverage before you even know it’s happened – and leave you in the lurch when you need it.
There is of course another big target here, namely your prescription history. Prescription drug abuse was up 10% last year, according to the federal government, and the value of some prescription drugs on the street is on the rise. An identity thief could very well use their access to your medical records to get the prescription drugs you need for your own health and well-being – leaving you both without your meds and with a suspicious doctor or pharmacist wondering why you maxed out all your refills so quickly and are coming back for more.
Massive cyberattacks resulting in the types of breaches we saw at retailers during the past three months generate a great deal more headlines and arguably create a greater sense of urgency today than ever before, In reality, once credit and debit cards are replaced, for the most part, the immediate danger has passed. Subsequent phishing attacks by email, phone and text are more problematic but if consumers exercise care, damage can be contained and issues resolved. However, when it involves medical identity theft, the crime can be nearly invisible until there’s an emergency and the consequences can literally be life threatening.
Image: iStock
April 11, 2023
Uncategorized
September 13, 2021
Uncategorized
August 4, 2021
Uncategorized