Consumers beware: you have more medical-related issues to be worried about, but a trip to the doctor or ER won’t cure them as the healthcare industry continues to be plagued by information security breaches.
Anthem Healthcare reported last week that approximately 80 million customer and employee records were stolen.
Last April I referenced the increase in medical ID theft and expressed concern about this lucrative cyber criminal business.
Here we are less than a year later and things are even worse as healthcare has become a most valuable target for cyber criminals due to the wealth of exploitable information in our medical records.
Since that column, there have been 79 additional healthcare related data breach events according to the Privacy Rights Clearinghouse; approximately 1.5 healthcare data breaches each week on average!
Anthem — provider of health insurance to nearly 10 percent of all Americans — reported that 80 million records were taken including names, birthdays, medical identification numbers, Social Security Numbers, street addresses, e-mail addresses, employment, and income information.
Now consider the financial value of these medical records and you’ll see the motivation. Stolen medical and healthcare records are the “Rolls Royce” with a black market value of approximately $200 per record as evidenced in hacker forums. As a comparison, our credit card records have become essentially a commodity and sell for about $1 per record.
ID theft criminals fraudulently use our stolen information for financial gain or to attain services at hospitals, emergency rooms, doctors’ offices, and pharmacies resulting in fraudulent charges and potentially deadly negative impacts to our medical records.
To make matters worse “phishers and phone fraudsters are capitalizing on the public concern over the Anthem data breach,” explained Brian Krebs, a nationally recognized security expert.
Krebs reported that, “the flood of phishing scams was unleashed just hours after Anthem announced publicly their data breach.”
Anthem said “all impacted members will receive notice via mail which will advise them of the protections being offered to them as well as any next steps, phishers took that as an invitation to blast out variations of phishing scams which spoofs Anthem and offers recipients a free year’s worth of credit monitoring services for those who click the embedded link.”
I encourage the healthcare industry to take a hard look at their information security and governance best practices. The Identity Theft Resource Center reported 42 percent of data breaches were related to healthcare last year and the Ponemon Institute found that data breaches in healthcare are costing $5.6 billion annually.
I also encourage all of you — whether you are an Anthem customer or not to review all of your medical bills, Medicare summary notices, explanation of benefits statements, and regularly review your credit reports (by going to www.annualcreditreport.com) to help protect yourselves from medical identity theft.
Mark’s Most Important:
Stay informed about your healthcare records and all related documents to avoid having to cure a big medical ID theft problem.
Mark Pribish is vice president and ID-theft practice leader at Merchants Information Solutions Inc., a national ID-theft and background-screening provider based in Phoenix. Reach him at firstname.lastname@example.org.
This article was originally published on AZcentral.com and republished with the author’s permission.