You probably read about the huge data breach that happened at Anthem where the records of nearly 80,000,000 people were stolen. The even more dismal news is that it took Anthem more than six weeks to discover that its IT system had been hacked. Community Health Systems had a breach of 5.4 million records. And UCLA Health System recently announced a data breach that affected 4.5 million of its customers. Apparently, this hack went undetected since October of last year. This means the thieves had more than seven months to do whatever they wanted with the data – totally undetected.
Why this is so scary
The reason why medical data breaches are much worse than those suffered by companies such as Target and Chase is because of the nature of the information that gets stolen. It generally consists mostly of names, addresses and credit card and bank account numbers. In comparison, comprised health data represents a huge amount of personal information for identity thieves as it typically includes medical records, ID numbers and Social Security numbers as well as names and addresses.
Not just your financial information is threatened
It is very bad if your information was stolen from Chase or Target but this is just your financial information. A medical data breach means that the thieves get your medical records, which could end up getting mixed with the thieves’ medical records. When this happens, you could end up being given a drug that will harm you or, even worse, a surgical procedure you didn’t need.
What compounds the problem
What makes this problem even worse is that it’s extremely difficult or sometimes even impossible to remove the medical information of the identity thief from your medical records even after you’ve found the problem. This is due to certain oddities in the laws regarding medical privacy.
It’s only getting worse
One of the best things about credit cards is that they usually limit your liability to $50 in the event of identity theft – assuming you notify your credit card providers pretty quickly. In fact, some will even waive the $50. But most of the people that had been victimized by the theft of their medical identity ended up paying an average of $13,500 to fix things. Ponemon Institute’s Fifth Annual Study on Medical Identity Theft found that “in many cases, victims struggle to reach resolution following a medical identity theft incident. In our research only 10% of respondents reported achieving a completely satisfactory conclusion of the incident.”
As a consequence of this many people may have errors in their health care records that could endanger their diagnoses and treatments. It was further reported in this study that people who were able to fix the crime spent an average of over 200 hours with their insurer and healthcare providers to ensure that their personal medical records are now secure and can no longer be utilized by a thief.
What you could do to protect yourself
It’s alarming that healthcare data breaches have accounted for 42.5% of all the breaches that occurred over the past three years. And, even worse, 91% of all healthcare organizations reported at least one breach over the past two years. So the big question is what can we do to prevent ourselves from falling prey to medical identity theft or what we could do to at least limit the amount of damage.
Limit the information
The first thing that you should do is limit the information you give your healthcare provider. The key to identity theft is your Social Security number. All a thief needs is this one bit of information to get your identity information and make your life a living hell. While healthcare providers usually want your Social Security number, there’s no reason for them to get it. Take a line from that old anti-drug commercial and, “just say no.” Give healthcare providers your driver’s license number or some other number that` would identify you.
Read your Explanation of Benefits — very carefully
Another thing you should definitely do to prevent problems is read carefully the Explanation of Benefits that your health insurance company provides you. Unfortunately, these documents are often written in confusing gobbledygook. They’re supposed to detail the use of your health insurance but often don’t explain anything very clearly. As a result, many people never take the time to read and understand them. The problem is if you don’t read your Explanation of Benefits carefully, you might miss language having to do with your insurance and identify theft.
What else you could do
If you were a customer of Anthem, Chase or some other company that suffered a data breach and believe that someone has misused your financial information, you could place a fraud alert on your credit report. This is free. Once you do this it makes it harder for the thief to open any more accounts in your name. When you have one of these alerts on your report a business must verify your identity before it issues any credit. In fact it might actually contact you. This alert will remain on your report for at least 90 days. You could then renew it.
An ounce of prevention
There are also precautions you can take to prevent identity theft. One of the most important of these is to shred your financial documents or any other documents that include your personal information. You should also monitor your credit reports and bank accounts periodically. If you spot any suspicious activity contact your bank immediately to report it.
Finally, you might consider purchasing one of those identity theft detection products such as Lifelock, PrivacyGuard or IDFreeze. Make sure that it does include identity restoration if you are the victim of identity theft. While these services cannot prevent your personal information from being stolen they will notify you very quickly in the event of identify theft and you should be able to utilize the company’s certified specialists to help restore your identity.
