When you think about identity theft, what probably comes to mind is a thief stealing Social Security, bank account or credit card numbers and using them to make fraudulent transactions or get loans in other people’s names.
But there’s another kind of identity theft that’s growing at an alarming rate. In 2010, nearly one and a half million U.S. consumers were victims of medical identity theft, according to a recent study by The Ponemon Institute. Even more shocking: the study found that nine out of ten U.S. consumers know nothing about medical identity theft. What’s more, nearly half of all victims took no steps to protect themselves after the crime.
As more and more hospitals and physicians switch from paper to electronic health records (EHRs), cyberthieves have realized that stealing EHRs means money in the bank. They’re using consumers’ personal identifying information mined from data breaches to get medical services and drugs. That’s resulted in fake claims for everything from amputations and liposuction to delivering babies.
Of the 385 organizations hit with data breaches in the first half of 2010, 113 were in health care, according to the Identity Theft Resource Center. Many of them involved massive data losses. In 2009, a hacker left a ransom note on a Virginia state website, demanding 10 million dollars for over 8 million medical records he had stolen.
Data breaches can result from lost or stolen data stored on websites like that, or on drives, laptops and other wireless devices. Hospital wireless networks – with public areas open around the clock and countless staff members, patients and visitors coming and going – can also be easy targets for hackers. Guest/patient wifi networks mean data thieves can remain anonymous while they’re stealing patients’ electronic records.
Stolen medical data can be worth up to a hundred times more on the street than stolen credit card data. That’s because credit card fraud is easier to spot and stop than medical identity fraud, which can be repeatedly used to pay for expensive medical care that’s often not billed for months.
If your medical identity ends up being used by someone else, your insurance premiums may go up or your coverage may be denied. Even worse, if your medical information is altered, you could end up being misdiagnosed and receiving treatment that could endanger your life.
If you still think having your medical records swiped is preferable to having your bank account information stolen, consider this: medical identity fraud is the most expensive and time consuming type of ID fraud to resolve, according to the Ponemon study. More than half the victims took more than a year to discover it. The average cost per incident was a whopping $20,633.
In the not too distant future, everything from claims and payments submission to making medical appointments will be done online. That will make your medical identity even more vulnerable to security breaches. Here’s what you can do to protect it:
- Ask all health care providers whether your sensitive medical information is being transmitted over secure wireless networks, how it’s being safely stored and whether it’s being shared with third parties.
- Read the Explanation of Benefits (EOB) statement that your health plans sends you to ensure that claims match the services you received.
- Order copies of your free credit report annually to ensure there are no accounts opened in your name that you don’t recognize.
- Make sure your computer firewall is turned on and your antivirus software is up to date. Perform frequent scans for viruses and malware.
- Turn off the auto login option on your laptop to ensure you only log in to a wireless network when you’re ready; and when you do, it’s to one that you choose.
- Avoid exposing sensitive information such as your medical login, passwords and your Social Security number when you’re connected to wifi hotspots or other unsecured wireless networks.
- Disable file sharing, especially if your laptop is networked to a storage device or a home computer.
- Disable your wireless network when you’re not using it.
- Store your sensitive personal information and your electronic medical records on drives and other storage devices that aren’t connected to your computer. Keep hard copies in secure locations.
- Use a secure VPN like PRIVATE WiFi™ to ensure that all the data traveling to and from your computer is invisible to hackers.
If you’re a victim of medical identity theft, let us know what happened to you and take these steps:
- File a complaint with the Federal Trade Commission online.
- File a complaint with your local police department and send copies to your health insurer’s fraud department.
- Request copies of your medical records from all medical providers and exercise your rights under the Health Insurance Portability and Accountability Act (HIPAA) to correct errors in your medical or billing records.