The insurance trade rag Property And Casualty 360 wrote about medical identity theft and the impact is staggering.
First just one example breach – A physician office’s server, which contained unencrypted information on 2,500 patients, was hacked and encrypted. The hackers demanded $50,000 to unencrypt the information and return control of the server.
That obviously, is pretty traumatic to the physician’s group, but why is medical ID theft important to you. Here are a couple of reasons the article pointed out:
- your credit rating can be damaged
- Your health insurance policy could be cancelled
- Your health insurance premiums could go up
- Your health could be at risk
According to PhishLabs, a cybercrime protection services vendor, medical ID information is worth 10 to 20 times what credit card information is worth.
Why is that? The answer is simple. If your credit card is stolen, you get a new one and they shut off the old one.
How do you shut off your medical ID information and get new information? Like a new social security number? You don’t! Which means the life expectancy of the stolen information is very long. You could perpetrate ongoing crimes for years.
And, unlike credit card fraud where you are likely to review your bank or credit card statement when it comes in the mail, that is much less likely for medical ID fraud. And the fraudsters could hide in the weeds for a year and then pop up, go into hiding again and rinse and repeat.
One question many people ask is where is the value in medical ID fraud. One value is bogus insurance claims which translates to dollars. An example might be that the bad guys say you now have diabetes. Then they submit claims for all kinds of care. Care you never knew about or got, but your insurance company will pay for. Done cleverly, it would not throw up any flags.
But now, according to your insurance company, you now have diabetes and your electronic medical record says so (so it MUST be right). If Congress repeals Obamacare next year like they have tried to do 40+ times so far, your insurance gets cancelled or your premiums go up. Now you have to PROVE you don’t have diabetes. And with all the interchange of electronic medical records, you are playing the whack-a-mole game. You get your diabetes removed from one database but now provider A (where it still says your are a diabetic) sends an update to Insurance Company B (where you are not) and bam!, you are a diabetic again.
Worse yet, you have no way of knowing every place where your medical information lives (unlike credit, where if you correct the 3 main credit databases, you are pretty well covered). Under federal law, the 3 credit reporting companies have to talk to each other if you even whisper fraud. Not true for insurance and provider databases. No particular laws cover this and that is not likely to happen any time soon.
For the consumer who gets sucked into this, it is a real mess. How do you clean up a mess that you can’t even see (tell me every place your medical info lives – I dare you).