Criminal cyber attacks on healthcare information repositories have increased 125% since 2010. With the announcement of the Excellus breach last week, the total number of big-headline medical information compromises reported in 2015 (such as Anthem, Primera, Carefirst) had crossed the mind-blowing demarcation line of 100 million files.
The Excellus breach exposed the names of clients as well as their dates of birth, Social Security numbers, mailing addresses, telephone numbers, member identification numbers, financial account information and claim information. In terms of the type of information compromised and the amount of it, this most recent mega medical information breach, estimated to affect as many as 10 million consumers, was negligibly smaller than the Premera compromise, which exposed 11 million records. Yet it received nowhere near the same amount of media attention.
The reason is something called breach fatigue. Sure, news of the Excellus breach was a lead story, but if you think about it for a moment, was it the first thing people brought up at the proverbial water cooler the day the news broke? Probably not.
Here’s why the Excellus breach should have had tongues wagging:
- According to the Identity Theft Resource Center, the medical/healthcare sector accounted for the highest percentage of breaches in 2014 at 42.5%.
- As discussed in my forthcoming book, Swiped, medical identity theft can be life-threatening. When your personally identifiable information is used by another person to acquire healthcare, your medical history is literally contaminated with the PII, and hence the medical information, of another person. If that mingling of data results in the removal of an allergy or a change of blood type, the result could put your life in jeopardy.
- If someone gains unauthorized access to your health insurance, you could find yourself in a quagmire should you suffer from the same ailment as the thief and require a particular treatment or medical procedure. Consider how serious that could be if the procedure you need (and can’t get because it’s already been performed on the imposter) happens to be something like bypass surgery, amputation, cancer treatment or any other major intervention.
While you think back to the day the Excellus news broke—there was the talk about the floods in Japan, refugees in Europe, the U.S. Open, the upcoming third episode of “Fear the Walking Dead”—I’m guessing the number of times that particular breach came up was low to nil. That’s fine. We’re not talking about breach fatigue per se. The real issue is that we need to raise and maintain awareness of the threat.
While you reflect upon the non-discussions about last week’s Excellus news, consider how a person might reply to a “Howya doing?” greeting at the water cooler after learning that they have become the victim of medical identity theft. Most likely, they would say something about it. And dollars to donuts, they would say they were in a waking nightmare.
How to Tell If You’ve Been Bit by the Medical ID Theft Zombie
Medical identity theft is hard to detect, and many people still alarmingly do not understand that it’s a real and present danger.
In the first episode of the new AMC show, “Fear the Walking Dead,” it takes a while for Los Angelenos to understand what’s happening, i.e., that the zombie apocalypse has begun. We are in a similar situation with medical identity theft, but in the real-world version, with vigilance on your part, you can better protect yourself.
Here are the telltale signs you’ve been infected.
- There is an error on your medical file. While this can happen in the usual way—even doctors make mistakes—it could signal trouble. TIP: Many doctors provide online access to your medical records. If yours does, take advantage of it and make sure the information there is accurate. If you cannot access your file, ask your doctor to read it to you.
- You receive phishing emails that refer to your healthcare provider or billing that require personally identifiable information to learn more. TIP: Always look up and call the main number of any entity that requests personally identifiable information. Only authenticate yourself when you are in control of the virtual or telephonic conversation.
- You get one-ring phone calls. TIP: If you do not recognize the number, let it go to voicemail. Some fraudsters call your phone number after purchasing your information on the black market to see if your number works (i.e., your file is worth trying to exploit). Never return a one-ring call to ascertain who called, because these can also be scams that trigger a charge on your phone bill.
- Your Explanation of Benefits lists a doctor visit you didn’t make or a prescription that wasn’t issued to you. TIP: Read all your mail from healthcare providers, making sure that there is nothing in the correspondence that could point to fraud. If you suspect your information has been used, call your healthcare provider immediately.
- You are contacted by a debt collector regarding your failure to pay in a timely manner a doctor, laboratory or medical facility. TIP: Demand that the debt collector provides the details within five days and immediately contact the medical provider and your insurer.
- Your credit score takes a sudden dive due to a medical collection that mysteriously appears on your credit report. TIP: You can get a free annual credit report from each of the three major credit reporting agencies (or more frequently, depending on the state where you reside). Schedule time to check those reports for any suspicious items, like collection accounts that might not really belong to you. You can also get a free overview of your credit and two free credit scores from Credit.com, updated monthly so you can watch for important changes.
While we may not be looking at a medical identity theft “apocalypse” a la the zombie shows, movies and comics, medical identity theft can definitely feel apocalyptic when you’re the victim. Protect yourself, know the warning signs and you just might stand a chance.
