USA Today reports that Excellus, a health care company based in upstate New York, suffered a cyber attack that may have exposed information belonging to as many as 10 million clients. The breach was actually discovered in August, but further reviews of Excellus’ security suggests that this is far from the first time that the firm has experienced a cyber break-in. In fact, earlier this year the company hired a security firm to review its computer system in response to the increasing number of attacks on the health care sector.
The firm discovered that Excellus had been experiencing data breaches since at least 2013, prompting it to reach out to the FBI.
The information regarding names, dates of birth, addresses, phone numbers, Social Security Numbers and finances belonging to clients could make it easy for criminals to commit identity theft. While there have been no signs of wrongdoing yet, there is no telling how much information actually leaked out onto the web, and how long thieves might wait to strike.
Health care information repositories face increased attacks
One thing that is clear is that the health care industry is increasingly under attack from those who seek to steal its data and misuse it, often to the detriment of customers. A recent article in the Huffington Post claimed that such cyber attacks on health information repositories have increased by 125 percent since 2010. During this year alone, about 100 million files have been taken.
While the seemingly constant stream of data breaches should, in theory, prompt a strong response from the industry, there is a risk that the opposite may happen. Huffington Post contributor Adam Levin calls it “breach fatigue,” and explains that each additional data breach story will have less of a psychological impact on those who hear about it.
“Sure, news of the Excellus breach was a lead story, but if you think about it for a moment, was it the first thing people brought up at the proverbial water cooler the day the news broke?” Levin writes. “Probably not.”
This means it is important for consumers of health care to take responsibility for their own security.
How to spot medical ID theft
What are some signs of medical ID theft ?
You may be receiving strange emails that seek to learn some of your personal information. It’s important to never input this information into any web form that you don’t trust, and it is even better to call the number of your medical provider rather than send the information electronically. Often, identity thieves use phishing email schemes to take victims unawares.
You may also notice strange errors in your medical files. Of course, it is perfectly possible that there are innocuous reasons for these that have nothing to do with identity theft, but they are worth looking into nonetheless. It is possible that someone has already accessed them and tampered with them without permission.
Finally, you may notice a medical condition suddenly appear on your credit report, causing your credit score to drop. You probably never experienced this condition — rather, it means that your personal information has been compromised and thieves are trying to use it for their personal gain, such as through insurance fraud.
There are many more signs, and even the most vigilant consumer can have trouble tracking them all. That’s why for the best protection, consumers should consider signing up for a credit monitoring services that can alert you to certain activity on your credit file that may be indicative of fraud.