Data breaches and identity theft are becoming so prevalent that some industry experts have said they’re inevitable, and that identity theft is basically unavoidable. The good news is there are steps consumers can take to minimize the chances of becoming victims of data breaches or identity theft, but the bad news is those types of crimes don’t only affect your information or even your finances.
In some cases, the consequences of a data breach can actually be deadly. That is, if the entity that was infiltrated is a part of the health care industry. While major health insurance providers like Anthem have already been the victims of data breaches, individual health care systems like the UCLA Health System are also prime targets for hackers. Medical offices, hospitals, and insurance providers are notorious for collecting copious amounts of information on their patients and storing it in centralized computers. Many systems and offices also use outside billing contractors, and research has already shown that in the majority of data breaches, the culprit—intentionally or accidentally—is a third-party vendor or contractor.
UCLA Health System is just the latest in a long line of medical data breaches. In that instance, hackers are believed to have gained access to around 4.5 million patients’ names, addresses, Social Security numbers, health records, and more. The breach is thought to have started in September 2014, and allowed hackers to access this unencrypted information.
But how does that affect patients’ health? Unfortunately, this is a case where you almost hope the hackers just want to steal your financial identity. If they’re able to sell the data to people in order to commit medical identity theft and fraud, then that will allow people to use the stolen information to gain access to healthcare.
The frightening worst-case scenario would involve something like this: a thief goes to the hospital for treatment using your name, insurance information, and more. Doctors discover he’s diabetic, and he’s put on a treatment regimen that includes insulin. Your medical records now not only indicate that you have diabetes (and could be treated as such in an emergency if you can’t confirm that it’s not true), but they also indicate you’re taking insulin. This could cause a host of problems, not the least of which are of a dire nature. It’s also possible that a pharmacy or insurance company would deny you a different medication or treatment option due to “red flags” about how that option would interact with insulin or diabetes.
Of course, that is an overly alarming thought, but the more likely circumstance is of a far more annoying nature. Where there are laws in place that cover an identity theft victim following a financial issue like credit card fraud, those protections aren’t necessarily in place yet for medical identity theft. One article indicated that most victims of financial fraud are responsible for around $50 in charges, if any charges at all. However, “the majority of victims of medical identity theft paid an average of $13,500 to resolve the crime.” Compounded with our strict privacy laws in this country where health care is concerned, it can be difficult to resolve medical identity theft.
As with all data breach and identity theft issues, the best option for now is to prevent a thief from getting as much of your information as possible. While you can’t personally prevent hackers from breaking into the computer network of a major medical center, you can certainly limit the amount of information a thief would find under your name. You are not required to provide your Social Security number to a medical office, for example, and many offices have been found to ask for it without even knowing why they collect it. You can also read over all insurance statements carefully—not just the box that tells you how much you owe—to make sure someone isn’t already using your information without your knowledge.