Your personal health information in your medical records might be scattered across a few doctor’s offices, a clinic or two, or even a hospital. Your health insurer certainly stores some important personal information about you. If you’re like me, you’ve changed health insurers a couple of times since the advent of the Affordable Care Act. This means that more than one health insurance company has your social security number, home address, phone number, email address, name of employer, list of diagnoses and possible medications. Just enough for a cyber criminal to snap it up in a few seconds and then monetize and sell your private information on the black market.
I don’t hear many talking about this. Few seem to be concerned even though major news media have been sounding the alarm for a couple of years.
Maybe it’s time to listen up.
There has been a sharp increase in cyber attacks and security breaches in healthcare organizations, exposing millions of patients and their medical records. According to a new Ponemon Institute study in May of 2015 criminal attacks on hospitals, clinics, healthcare providers and health insurers are up 125 percent since 2010. The study also revealed that most healthcare organizations are still unprepared to protect patient data. Nearly 90 percent of healthcare providers were breached in the last two years.
Why would cyber hackers want information in your medical records?
Cyber criminals are after your medical records because your personal information is all in one place and unlike credit card numbers, cannot be easily changed. Poached from your medical records are social security numbers, birthdates, medical IDs, addresses, and personal health information. This is a gold mine for criminals who retrieve your information and use it for their benefit, and at your risk.
I’m sure you’ve heard about the recent cyber breach at UCLA Health Systems. Hackers broke into the network and may have accessed personal patient information from 4.5 million patients’ medical records.
My physician’s practice was bought by UCLA a while back, so this could directly affect me. Maybe you too.
This comes on the heels of the major cyber breach into Anthem, Inc., which affected 80 million Americans. Anthem is the 2nd largest health insurer in the U.S.
Last year alone, health records on 88.4 million people were breached as a result of theft or hacking. Data that was exposed were names, birthdays, medical IDs, social security numbers, street addresses, email addresses, employment information and income data.
UCLA and Anthem are only two of the major organizations whose networks were hacked for all kinds of valuable information for cyber criminals to sell on the black market. The list includes Premera Blue Cross, Community Health Systems, The U.S. Postal Service, The U.S. Government Office of Personal Management, Sony, Staples, Kmart, Home Depot, JP Morgan, and many more.
With the onset of electronic medical records (EMR), healthcare organizations are particularly vulnerable. Their security is often less sophisticated than other organizations.
Reuters reported, “Your medical information is worth 10 times more than your credit card number on the black market.”
Fraudsters use your personal data from medical records to create fake IDs, take out loans, open up lines of credit, and buy medical equipment or drugs that can be resold. They can also combine patient numbers with false medical provider numbers and file false claims with health insurers.
These criminals can also impersonate you to obtain health services.
After the Blue Cross cyber security breach, one patient discovered that his medical records were compromised after he started receiving bills for a heart procedure he never had. In addition, his personal info from his medical records was used to buy expensive medical equipment which incurred thousands of dollars in fraud.
“All healthcare organizations, regardless of size, are at risk for data breach,” revealed the Ponemon Institute study.
It’s time to wake up.
Unlike stolen credit cards, which can be easily detected and cancelled, if your personal medical information is stolen from your medical records, it might not be detected for years. Your medical records could be compromised with diagnoses that don’t belong to you, wrong blood types, and other errors. This could be serious if you have an urgent medical situation.
Note: If you are a caregiver for a patient, it is very important to be vigilant for him/her too, especially if the patient is elderly.
Tips to Protect Yourself (or a patient you care for)
1. Ask your doctor or hospital about the security of their electronic medical records.
2. Request copies of your medical records and review them for errors.
3. Review your Explanation of Benefits (EOBs) that you receive by mail or have access to on your health plan’s website. Check for errors.
4. If you notice any errors, alert your healthcare provider or health insurer immediately.
5. Each time a medical provider requests your social security number, ask if the last four digits will suffice.
6. If you store copies of your medical records online be sure it has a secure platform.
7. Keep an eye on your credit report. Unpaid medical bills can be reflected in your credit rating.
8. If you have been informed that your healthcare provider or insurer has suffered a security breach:
-Change all your passwords.
-Contact a major credit reporting agency and request that a fraud alert be placed on your account.
-If you received a letter about a security breach that could affect you, accept the free offer for credit monitoring, if applicable.
For further information, see my article published on KevinMD, How Much Health Care Data is Mined Without Your Knowledge?
Please visit www.thetakechargepatient.comRead More...