All forms of identity theft have their own inherent threats, but one form can actually endanger your health. Medical identity theft, which happens when someone steals your medical information, can leave you vulnerable to changes in your medical records, trouble with your insurance company, and hefty bills to pay.
There are a couple of avenues for being affected by medical identity theft. The first is when a thief actively impersonates you in order to get medical treatment or prescription drugs; he can do that with something as simple as your driver’s license, especially if he goes to an emergency room seeking immediate care. The other method involves a concentrated effort to steal multiple people’s medical identities in order to sell them.
So how is this crime happening?
- Hospital ransomware attacks –A recent wave of ransomware attacks on medical facilities shows that there’s big money to be made in hacking into a hospital records system. When hackers gain control of a hospital network in order to extort money, some hospitals opt to pay the ransom. They might think it’s the only way to regain control of their “locked” networks and return to providing patient care, thus avoiding lawsuits. It may also seem like the only way to avoid huge fines for HIPAA violations if the hackers follow through with their threat of posting the patients’ records online. But as recent events have shown, there’s no guarantee that paying the hackers’ ransom will safeguard the patients’ information. Some hospitals have already found out the hard way that once hackers have that data, what they do with it is up to them.
- Data breaches – Experts have asked why hospitals continue to be breached, but the simple logic is that they spend their budgets on advanced medical equipment and highly-skilled professionals. There’s not much left over to afford military-grade cybersecurity. Even without the recent threat of ransomware, medical centers, doctors’ offices, and even health insurance companies have long been victims of data breaches. That’s because your medical records contain a lot of personal identifiable information about you. Even if the thief is just after your information (as opposed to your medical history), it’s all sitting right there in your file.
- Inside job breaches – It can be costly and time consuming to clear up the aftermath of identity theft, and it adds insult to injury to know that your complete identity might be sold online for literally a few dollars. But when someone illegally accesses multiple patients’ records and sells each record for $3 apiece, that amount can stack up. Unfortunately, all too often, the very employees who have access to every piece of your personal data work in positions that don’t typically pay the most, like billing or records keeping. A source of quick cash can be a temptation that’s too great to pass up.
Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.