The recent large-scale data breach at Community Health Systems, a major American hospital chain with dozens of locations around the country, was irrefutable evidence that the identity theft crisis now extends to the healthcare system, with 4 million personal records falling in the hands of cyber criminals. Many consumers don't realize that fraudsters can use those records to bill enormous expenditures under their names. They may buy expensive equipment or drugs that they then resell on the black market, or file fictitious claims with insurers.
Or imagine getting a bill for a heart procedure you never had. Then you find out that someone purchased a mobility scooter and other expensive medical equipment using your social security number, adding up to tens of thousands of dollars in outstanding costs. That's what Larry Ponemon, founder of data protection services think tank the Ponemon Institute, says happened to one victim of medical identity theft last year.
Some fraudsters may actually seek medical care using a stolen identity. Seventeen-year-old Nikki Burton didn't realize that she had been the victim of medical fraud until she tried to donate blood at a local Red Cross. She then learned that someone had used her social security number to get treated at an AIDs clinic in another state.
The percentage of healthcare providers who have reported an attack on their digital systems has reportedly doubled from 20 percent to 40 in the last five years. Exact numbers are not made public, because medical providers and insurers are not legally required to report data breaches if fewer than 500 patients are affected. Unfortunately, the industry is far more vulnerable than you may think.
“Healthcare providers and hospitals are just some of the easiest networks to break into,” cybersecurity expert Jeff Horne tells Yahoo Finance. “When I’ve looked at hospitals, and when I’ve talked to other people inside of a breach, they are using very old legacy systems — Windows systems that are 10 plus years old that have not seen a patch.”
Health insurance experts say the costs associated with this burgeoning criminal market are ultimately passed down to patients. Many digital security advocates are currently calling for increased security and theft prevention in the healthcare industry. Ponemon says he would like to see the adoption of some of the standards of banks and credit companies, like flagging certain activity occurring in a city other than where the customer lives.
"The insurance industry could do a better job to make sure the [health insurance ] credential is state of the art, that it isn't just a piece of plastic but has information about you or could even in fact be a biometric or even a retina or facial scan," Ponemon tells Fortune Magazine.
It's important to take aggressive steps to guard your privacy and help protect yourself against fraud. Keep a close eye on your medical and insurance records, following up immediately if you notice any strange or unfamiliar charges. You should also monitor your creditworthiness by investing in a credit monitoring service. While such services cannot guarantee that you will not be the victim of medical identity theft, they can alert you to certain activity that may indicate fraud.
Don't forget how much of your medical information may be available in your personal digital accounts, such as patient record portals, medical insurance profiles and emails. Be sure to use a completely different password for each account, so that if a hacker does gain access to one all of your information isn't vulnerable. Passwords should always combine upper and lowercase letters, symbols and numbers, and should not contain recognizable names or words. To help you keep track of all of your login information without compromising your information, consider using a secure password manager like SafeConnex.