Category Archives: Medical ID Fraud

10 States Going After Anthem After Data Breach

Reuters is reporting that 10 states, led by Connecticut, have sent a letter to Anthem complaining that the company is moving too slowly in notifying consumers of the data breach that affected up to 80 million customers and employees (see article).  The states are assuming that Anthem know precisely who’s data was taken and they may not know that yet.

I hadn’t really thought about it, but this breach is really quite different than having your credit card stolen in the Target breach.

In the Target case, under federal law, your maximum liability for fraudulent charges is $50 and many credit cards waive even that.

It is a bit of a pain, you call the credit card company, maybe you sign a form, they close the card, issue you a new one, remove the charge and you are done.

One advantage of using credit cards over debit cards if you can is that in the case of a credit card, you are arguing over a bill.  In the case of a debit card, the money is no longer in your bank account.

However, in the case of Anthem, you may have a right to sue Anthem if that data is used to say open a fake account in your name, but you would have to prove that you were damaged and prove that it was Anthem’s fault.  Even if you are successful, it could take years to go through the courts.

The states are saying that Anthem must commit to reimbursing people for any losses associated with the breach between the time of the breach and the time that the company provides access to credit monitoring services.

Ignoring that those services are far from bullet proof and ignoring the fact that there is a delay between when they make that service available to you and when you actually sign up for it and it becomes active, the states are not saying that Anthem should assume responsibility for what happens to you after you sign up for credit monitoring services.

And, as I said before, since the effects of this kind of fraud can last for years, unlike credit card fraud which can be shut off by issuing a new card, people will be dealing with this for years.

And, apparently, legally, Anthem may have to pay a fine, but if you are damaged, you are going to have to sue them to try and be made whole.

That means, if you are a current or former Anthem customer or employee,  that you should be checking your credit report frequently for any bogus accounts that might be set up

Mitch

 

Facebooktwitterredditlinkedinmailby feather

Why Medical Identity Theft Is Such A Big Deal

The insurance trade rag Property And Casualty 360 wrote about medical identity theft and the impact is staggering.

First just one example breach – A physician office’s server, which contained unencrypted information on 2,500 patients, was hacked and encrypted. The hackers demanded $50,000 to unencrypt the information and return control of the server.

That obviously, is pretty traumatic to the physician’s group, but why is medical ID theft important to you.  Here are a couple of reasons the article pointed out:

  • your credit rating can be damaged
  • Your health insurance policy could be cancelled
  • Your health insurance premiums could go up
  • Your health could be at risk

According to PhishLabs, a cybercrime protection services vendor, medical ID information is worth 10 to 20 times what credit card information is worth.

Why is that?  The answer is simple.  If your credit card is stolen, you get a new one and they shut off the old one.

How do you shut off your medical ID information and get new information?  Like a new social security number?  You don’t!  Which means the life expectancy of the stolen information is very long.  You could perpetrate ongoing crimes for years.

And, unlike credit card fraud where you are likely to review your bank or credit card statement when it comes in the mail, that is much less likely for medical ID fraud.  And the fraudsters could hide in the weeds for a year and then pop up, go into hiding again and rinse and repeat.

One question many people ask is where is the value in medical ID fraud.  One value is bogus insurance claims which translates to dollars.  An example might be that the bad guys say you now have diabetes.  Then they submit claims for all kinds of care.  Care you never knew about or got, but your insurance company will pay for.  Done cleverly, it would not throw up any flags.

But now, according to your insurance company, you now have diabetes and your electronic medical record says so (so it MUST be right).  If Congress repeals Obamacare next year like they have tried to do 40+ times so far, your insurance gets cancelled or your premiums go up.  Now you have to PROVE you don’t have diabetes.  And with all the interchange of electronic medical records, you are playing the whack-a-mole game.  You get your diabetes removed from one database but now provider A (where it still says your are a diabetic) sends an update to Insurance Company B (where you are not) and bam!, you are a diabetic again.

Worse yet, you have no way of knowing every place where your medical information lives (unlike credit, where if you correct the 3 main credit databases, you are pretty well covered).  Under federal law, the 3 credit reporting companies have to talk to each other if you even whisper fraud.  Not true for insurance and provider databases.  No particular laws cover this and that is not likely to happen any time soon.

For the consumer who gets sucked into this, it is a real mess.  How do you clean up a mess that you can’t even see (tell me every place your medical info lives – I dare you).

 

Mitch

Facebooktwitterredditlinkedinmailby feather