One Reason People Steal Medical Records

37 billion dollars.

Is that enough reason?

As health premiums increase, more people, especially healthy ones, are moving to high deductible health plans (HDHPs).  A feature of all HDHPs is the option to create a health savings account (HSA).  HSAs are tax advantaged in several ways, so most people who have HDHPs also have HSAs.

The estimated value of money stored in HSAs is about $37 billion in about 20 million accounts.  That is a lot of money – even to crooks. And the numbers are going up at a rate of about 20% a year.

The thing about HSAs is that people don’t think of them like bank accounts.  They don’t check the balance every day.

Your legal protection is limited to a short period of time after the fraud (for debit cards, if you don’t notify the bank within 60 days of them mailing the statement, you have unlimited liability).

Since the amount of hacking is going up, the price of credit card data on the black market is going down.  If you merge credit card info with credit scores (higher scores tend to map to higher HSA account balances) and also with stolen medical info, you now have what is called a fullz (a full dossier), and those are selling for about $80-$100 a whack on the black market, assuming the bad guy doesn’t use it himself or herself.

So, ponder this.

If you steal someone’s healthcare information (like in the Anthem breach), you probably have enough information to either hack into someone’s HSA or socially engineer your way in.

And, if the owner is not watching the balance, you might get lucky and not be detected for months.

So what this means is that if you have an HSA banking account, you need to watch it just like you would watch your checking or savings account.

If your HSA provider offers the option to send you text or email alerts when money goes into or out of the account, you should turn those options on.  AND, you need to read those emails or texts when they come in, not ignore them.

Yeah!  A new type of fraud to worry about.

Information for this post came from Dark Reading.

