Medical identity theft and medical data breaches are a growing concern for doctors’ offices, hospitals, law enforcement and lawmakers alike. About one of every three Americans had their medical records compromised. More than 1.5 million patients’ records have been compromised in 106 medical data breaches so far this year, placing the medical/healthcare industry second in the number of breaches, following the business sector.
Patient records often contain your complete identity profile, and perhaps even your Social Security number. That makes medical files a hot commodity for identity thieves.
For starters, a typical identity thief can use or sell your medical information to receive care. That’s where the life-threatening part can come in. Your medical identity might be used fraudulently by someone who receives care for conditions or illnesses you don’t have. Once that information is part of your file, any medicines, treatment plans, or diagnoses the thief receives can threaten your safety if they don’t suit your medical needs.
The sharp rise in ransomware hack attacks against medical facilities is also a growing concern. Some hospitals pay the hackers’ ransom to avoid lawsuits and HIPAA violations. That means your medical records can net a cybercriminal a lot of money, in a variety of damaging ways.
In addition, health and fitness apps are a newer avenue for stealing your medical information. While the connection between these apps and your privacy is still a gray area, 8 out of 10 health apps have left the door wide open to data breaches and privacy violations.
It’s better to be safe than sorry with your health-tracking apps. If left unprotected or allowed to have too many permissions (like accessing your location, connecting to your contacts lists or your social-media accounts, for example), it could pose a hacking problem.
Also, putting your information at risk is your smartphone which could easily fall into the wrong hands. It’s important to passcode-protect your phone, deny unnecessary permissions on your apps, and use a strong, unique password when setting up each app’s account.
If the industry has learned anything from hackers, it’s that they’re always one step ahead with technology. Too often, once the technology is out there and in the cloud, hackers find a way to exploit it for their gain, then consumers must learn how to protect themselves.
Just as important, consumers must ask the hard questions of their healthcare providers about where their information will end up, who can access it, and how it’ll be protected. It’s fine (and legal) to refuse to turn over your Social Security number to those who don’t need it.
It’s also imperative to review all account statements, medical insurance statements and medical bills carefully for signs that someone is billing you for care you never received.
Handle those issues immediately, and remember, if your medical identity is stolen, there’s a real possibility your identity will be used in other illicit ways. Monitor all of your accounts carefully for suspicious activity. And, when in doubt, contact the Identity Theft Resource Center to have a victim advisor answer your questions.
About the author: Eva Velasquez is CEO and president of the Identity Theft Resource Center