Identity Theft: involves the misuse of another individual’s personal identifiable information for fraudulent purposes.
- Identity theft is the fastest-growing crime in the U.S., affecting 1 in 20 consumers.
Medical Identity Theft: occurs when someone uses an individual’s name and personal identity to fraudulently receive medical services, prescription drugs or goods, including attempts to commit fraudulent billing.
- Medical identity theft affected 2 million people in the U.S. in 2011.
Data Breach: a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an unauthorized individual. Data Breaches may involve:
- Credit card numbers
- Personally identifiable information
- Protected health information
- Social Security Number
- Trade secrets
- Intellectual property
Who/What’s at Stake?
An identity is stolen every 3 seconds!
- 5 million Americans were victims of identity theft in 2003.
- 12.6 million Americans were victims of identity theft in 2012.
- 608,271,950+ records have been compromised due to security breaches since 2005.
- 94% of Healthcare organizations surveyed suffered at least one data breach in the past two years.
- A medical record can fetch $50 on the black market.
Cyberterrorism is on the horizon.
Cyberterrorism is any “premeditated, politically motivated attack against information computer systems, computer programs, and data”. Why is it on the horizon? Currently unprotected mobile devices, personal and private data proliferation and distributed computing trends all drive the increase of data breaches and identity theft.
- 9.6 million petabytes of information is processed per year’
- 36.7 million people n the U.S. own smartphones.
- Healthcare organizations have moved from paper-based records to electronic health records.
- 88.6% of healthcare professionals access patient information with unsecured smartphones.
Defining breaches and regulations
- 2003: Choicepoint was the first “industry” breach. It affected 140,000 people in 50 states. Security breach laws were enacted in most states as a result.
- 2003: California enacted SB 1386, the first mandatory breach notification law in the U.S. to regulate the privacy of personal information.
- 2003: Fair and Accurate Credit Transaction Act (FACTA) granted consumers one free credit report per year.
- 2006: Department of Veterans’ Affairs had personal information stolen from its database, affecting 26.5 million people.
- 2007: T.J. Maxx had 45 million credit and debit card numbers stolen.
- 2009: Health Information Technology for Economic And Clinical Health (HITECH) Act incentivized healthcare organizations to adopt electronic medical records.
- 2011: 77 million Sony PlayStation accounts were hacked.
- 2012: 780,000 Medicaid patients and children had their information stolen from the Utah Department of Health.
- 2013: HIPAA Final Rule strengthens the privacy and security protections for health information.
Data breaches are expected to escalate with the looming threats of organized crime, corporate espionage and cyberterrorism.
John Sileo is a keynote speaker and CEO of The Sileo Group, a privacy think tank that trains organizations to harness the power of their digital footprint. Sileo’s clients include the Pentagon, Visa, Homeland Security and businesses looking to protect the information that makes them profitable.