Data Breaches and Medical Identity Theft

June 1, 2015

Data privacyAnthem Healthcare of California is in the middle of a lawsuit over hacked computer systems that exposed millions of individual’s data to cyber thieves.

Customers who wish to obtain a policy with Blue Cross of California are required to provide Social Security numbers. The company didn’t put in place the security necessary to encrypt those numbers. That oversight resulted in thieves getting their hands on personal information.

Anthem revealed in February that its information technology systems had been hacked. Besides Social Security numbers, thieves were able to get away with birthdays, income data and other personal information of about 80 million individuals.

Identity theft to most people is no big deal. Just report the theft, get a replacement card and no money is lost.

There’s a growing problem of ID theft that goes beyond credit cards.

Medical identity theft occurs when a cyber thief swipes a person’s identity to receive medical services, buy medical products or steal from health insurers. The problem affects private insurers as well as Medicare and Medicaid in addition to private citizens who may need to access healthcare services.

Data breaches give cyber thieves access to healthcare as well as complete medical history. Cyber thieves find that medical identity theft pays off more than credit card numbers.

The Medical Identity Fraud Alliance claims a 22 percent growth in 2014. About 66 percent of the victims spent more than $13,000 EACH in out-of-pocket costs to resolve the theft.

The World Privacy Forum places the number of victims nationally at between 5 million and 10 million. Florida and Arizona, home to many retirees, are two regional hot spots.

Unlike cyber theft from retailers, crooks can steal enough information from health insurers to damage a person’s financial life and even open new credit accounts in the victim’s name.

Possibly more problematic, cyber thieves muddle medical records with potentially life-threatening results. If someone receives medical care in an individual’s name, the victim’s medical history can end up containing incorrect information dealing with allergies, drug interactions, diseases and blood types.

Three Steps to Take to Safeguard Medical Records

Review Insurance Statements

Regularly review the “explanation of benefits” statements which your heal insurers sends out. If you find services, office visits or medical equipment purchases that you didn’t make, contact your insurer immediately. Only 20 percent of people regularly read their explanation of benefits letters, usually because they’re hard to understand.

Sometimes, cyber thieves will change a billing address and the victim will never see the statements. Request, annually, a copy of that year’s benefits that were paid in your name.

Electronic Medical File

Get a current copy of the electronic medical file. The medical file includes a list of current medications and procedures. If your health provider, or insurer, provides online access to the records, make screenshots or printouts. Some health providers may charge for the copies and you’ll want to skip the most expensive ones such as copies of x-rays.

Insurance Card

In day-to-day goings-on, guard your health insurance card as you would your Social Security number. As an alternative to carrying the card with you, photocopy the insurance card and, using a black marker, block out the last four digits. If there’s an emergency, the health care provider can call the insurer and get the information needed to provide treatment.