When the retail shopping chain Target experienced a large-scale data breach in 2013, consumers and advocates alike flew into a near-panic mode. It was an eye-opening event, to be sure, and one that has been repeated with a number of other large retailers. While the end result was hundreds of millions of dollars in damage to the corporation, the plus side to it is consumers are more aware than ever about the potential for data breaches.
On the other hand, when the Anthem healthcare breach happened more recently, consumer outcry was far quieter even though healthcare data breaches stand to cause far more damage to citizens than a retail data breach. To understand why, you have to uncover what it is that cyber criminals get in a healthcare breach and what they can do with it. So many consumers are largely unfazed since their financial information isn’t accessed, but there is a much larger problem they may now face.
In the famous Target data breach, hackers accessed the credit card and debit card information for an estimated 70 million to 110 million customers. Some of those individuals also had their names, addresses, email addresses, and phone numbers accessed. The damage a hacker can do with that information is still very serious, but the thieves would typically rely on tactics like phishing email campaigns, selling the information to spammers, or other additional action ploys.
So what can a hacker gain during a healthcare data breach? Your name, address, Social Security number, family members’ names and Social Security numbers, employers’ name, bank account numbers, and more.
According to a study by Kaiser-Permanente, there were around 1,000 medical data breaches between 2010 and 2013; 29 million individual health records are believed to have been accessed by criminals in those breaches. Five states—California, Florida, Illinois, New York, and Texas—accounted for more than one-third of all the medical breaches in the country.
But consumers still seem to respond more proactively to retail data breaches than to medical data breaches. If you receive a letter informing you that your credit card number was accessed by a cybercriminal, what do you do? You get a new credit card from your account issuer, and the old account number is useless. But how do you go about getting a new Social Security number if hackers access your medical information? You don’t.
A financial data breach is serious and must be acted upon immediately, but it’s vital to remember that a healthcare data breach is potentially even more serious. A hacker can use your identity for years to come once he gains access to that level of personally identifiable information.
There are steps you can take to minimize the potential for problems in a healthcare data breach, and most of it comes down to what you choose to share with your health care provider. On the required forms in the doctor’s office, are you using your physical address, or a post office box if you have one? Are you listing your Social Security number, even though it’s not required for medical treatment and is legally not to be used as an identification number? Are you providing the doctor’s office with a check (which contains your bank account number), or paying by credit card and then paying that off immediately?
While certain pieces of information are going to be included in your health insurance profile, the trail you leave behind in the provider’s office is a good place to start with preventing identity theft. By adopting an air of caution when it comes to your information, you can work to minimize the effects of a medical data breach.