Healthcare Data Breaches Sep 1, 2015
How Can Data Breaches Harm Your Health? The Increasing Hazards of Medical Data Breaches
As many had predicted, 2014 turned out to be the year of the data breach. Starting with Target at the very end of 2013, massive breaches at Home Depot, Staples, Dairy Queen, P.F Chang’s, Michaels, Goodwill, Jimmy John’s, Neiman Marcus, and JPMorgan Chase followed in 2014, with the very high profile breach at Sony Pictures closing the year on an unsettling note. It’s no wonder companies are feeling so vulnerable. width=”442″ height=”221″ />
People are also feeling vulnerable: research data reveals that individuals whose information is compromised in a data breach are up to five times more likely to suffer from identity theft and fraud.
2014 wasn’t pretty from a data security perspective. Have things fared any better in 2015?
Many of the same pundits who predicted 2014 would be the year of the data breach have predicted 2015 will be the year of the healthcare breach. This prediction seems to makes sense…with all of new healthcare exchanges being created, the push toward electronic health records and the realization by fraudsters that healthcare identities are worth many times more our financial identities, a surge in healthcare-related cybercrime seems inevitable. Not surprisingly, we are seeing a huge increase in the number of individuals signing up for identity theft protection.
How can data breaches be so hazardous to your health?
The health and financial hazards of a medical data breach can be significant. Consider these scenarios: a three-week-old baby’s family suddenly receives a collection notice for unpaid medical bills on work-related back injuries. A woman is denied insurance coverage because her medical record shows that she is an HIV-positive 28-year-old man, and a childless woman is arrested for allegedly abandoning her baby at the hospital soon after birth. A man is taken to the hospital with extreme stomach pain, but his appendicitis is misdiagnosed, because his medical record erroneously states that he had his appendix out five years ago.
All these people are victims of medical identity theft, a crime that can destroy your credit rating, your access to medical treatment, and your life.
According to World Privacy Forum, “Medical identity theft occurs when someone uses a person’s name and sometimes other parts of their identity — such as insurance information — without the person’s knowledge or consent to obtain medical services or goods, or uses the person’s identity information to make false claims for medical services or goods.”
There are three types of medical identity crime according to the Identity Theft Resource:
- Financial Medical Identity Theft: Someone receives medical help using your name and/or other information.
- Criminal Medical Identity Theft: You are being held responsible for someone else’s criminal behavior (e.g., the woman arrested for allegedly abandoning a baby).
- Government Benefit Fraud: Your medical benefits in programs such as Medicare or Medicaid are being used by another person.
According to the Federal Trade Commission’s most recent figures, medical identity theft accounted for 3% of identity theft crimes, or 249,000 of the estimated 8.3 million people who had their identities lifted in 2005. But as more healthcare providers convert to electronic medical records, medical identity crimes will likely become more prevalent.
Medical identity theft typically leaves a trail of falsified information in medical records that can plague victims’ medical and financial lives for years. It can create erroneous entries in a person’s existing medical records, or it can involve the creation of fictitious medical records in the victim’s name (e.g., if someone with a fake insurance card in your name goes to a hospital where you have never been). As medical information is shared among hospitals, physicians and insurers, false information can propagate far and wide.
width=”177″ height=”177″ />The most obvious cause of medical identity theft is that someone steals your medical insurance card or insurance benefit statements. Large-scale medical identity theft is more often an inside job, with medical office staff or facilities contractors copying medical records and selling them to criminal interests who may then sell counterfeit insurance cards to uninsured American and illegal immigrants. A Business Week article noted that as of 2007, health records were fetching $50 to $60 each on the black market, versus $.07 for stolen resumes. In other cases, doctors or organized crime use patient information to fraudulently charge healthcare providers for services that were never provided.
Defense strategies to keep medical information secure
Medical identity theft is difficult to rectify. First, unlike financial fraud, there is no established procedure to correct medical identity theft. Second, medical institutions and healthcare providers are required by the Health Insurance Portability and Accountability Act (HIPAA) to protect patient information — even if that patient is being treated under a false identity — making it nearly impossible to get misinformation out of medical records. That makes implementing an effective defense strategy to keep sensitive medical information secure even more critical. Responsible healthcare institutions are taking proactive steps to identify where their sensitive data resides.
There are essential security strategies healthcare companies need to use to have complete confidence they are keeping customer information secure. Dataguise works closely with healthcare organizations to ensure their sensitive health data stays private, while also ensuring they stay compliant with federal HIPAA and all state, federal, and industry privacy laws. Using the most precise, one-stop security solution available, we help organizations pinpoint where their sensitive data is across all repositories and then protect (un)structured information wherever it lives and moves.
To learn more, please visit dataguise.com and live chat with us. Dataguise experts look forward to discussing and implementing data security strategies to prevent data breaches that can be so harmful to your organization and your customers.