Health care data is increasingly becoming a top target for scammers and hackers. A reason why fraudsters may be going after health care data more is because of its longer shelf life and rich potential for identity theft. Financial data has a finite lifespan and loses its worth as soon as the consumer notices the frauds and cancels their accounts or cards. However, health care data contains information that can’t be cancelled or changed as easily as a credit card.
Every year, with the exception of 2015, the number of healthcare data breaches has increased 70%, rising from 199 breaches in 2010 to 344 in 2017. According to a study published by the Journal of American Medical Association, “those breaches have resulted in the loss, theft, exposure, or impermissible disclosure of 176.4 million healthcare records. 75% of those records were exposed or stolen as a result of hacking or IT incidents.” Medical identity theft not only affects the patient (consumer), but has potentially disastrous ramifications on insurance providers as well as the healthcare providers.
What is medical identity theft?
Medical identity theft occurs when a fraudster illegally obtains and uses a patient’s Personally Identifiable Information (PII), such as name, Social Security number, and/or medical insurance identity number, to fraudulently obtain or bill for medical goods or services. This kind of fraud also includes the unauthorized personal gain of insurance benefits, prescription drugs, employment, government benefits, or other financial gain acquired through the theft of another individual’s PII. Hackers have also been known to sell stolen health care records on the black market.
The ten largest data breaches of patient data in 2018 involved email, targeted phishing attacks, and database misconfigurations. The largest health data breach during this same time was caused by a hack on a billing vendor, AccuDoc Solutions. 2.65 million Atrium Health patients were involved in the breach.
Who is at risk?
Everyone is at risk for medical identity theft but seniors are increasingly targeted. Navigating the Medicare system isn’t easy to begin with. When confusion enters the picture, scammers view it as an especially ripe time to take advantage of the ever-growing aging population. Always keep in mind that Medicare will never call to ask for sensitive personal financial information.
How can you help protect yourself?
- Review the Explanations of Benefits (EOB) statement or Medicare Summary Notice that your health plan sends after treatment. Immediately report any mistakes or unfamiliar charges, such as a doctor’s visit you did not make or prescriptions that you did not fill.
- Check in with your doctor(s) to ensure your medical records are accurate. Make sure the records contain your procedures, treatments, prescriptions, and other medical activities. If you notice inaccurate health details such as the wrong blood type, pre-existing conditions, or allergies, it may be a sign that an identity thief has accessed your records.
- Get a copy of your medical records periodically and keep them in a safe.
- Do not share your medical or insurance information with other individuals.Especially do not provide your medical information over the phone or via email unless you initiated the contact and have verified the entity you are contacting.
- Treat your medical identity with the same care and caution you do any of your other sensitive information, such as your financial credentials. Shred health documents you no longer need. Peel the labels off of your prescription bottle and shred them as well.
If you are unsure about sharing your personal information with someone who says they are from your health plan—DON’T. Directly contact the Member Services number on your ID card so you can be sure the person is a verified health representative.