Tag Archive for: medical identity theft

Medical Identity Theft: A Modern Day Plague

When you read an account of the devastating “Black Death” Plague that spread across Europe and Asia in Medieval times, it’s impossible not to be awed by the statistics.  In just five years, one-third of Europe’s population, 25 million people, were dead.  It hit so fast and so unexpectedly that people were unable to protect themselves.  As one writer summarized, “A terrible killer was loose across Europe, and medieval medicine had nothing to combat it.”

While experiencing medical identity theft isn’t always as devastating as dying from the plague, it’s easy to draw some parallels.

  • Both affect people in such a way that they are completely unaware of it until it is often too late? Check.
  • It can spread unexpectedly fast? Check.
  • The victims are not limited to one group, whether by country, age, race, or socioeconomic class? Check.
  • People can die as a result of itCheck!

I don’t mean to get too melodramatic, but this topic is on my mind today because of the results of recent reports using data gathered by the Ponemon Institute in which they revealed some equally incredible statistics:

  • Nearly 43% of all record breaches in personal information in 2014 involved health records. (That’s more than those involved with banking and finance, education, the government and the military AND THIS WAS BEFORE THE ANTHEM BREACH!)
  • Since the U.S. Department of Health and Human Services started keeping records in 2009, the medical records of 27.8 – 67.7 million people have been breached.
  • Of those, there are an estimated 2.32 million Americans who have become victims of medical identity theft. Again, those statistics were compiled before the Anthem data breach, which may affect as many as 80 million more!
  • Cyber attacks on health care providers have doubled since 2010.

Medical ID theft is the fraudulent acquisition of someone’s personal information–name, Social Security number, health insurance number– for the purpose of illegally obtaining medical services or devices, insurance reimbursements or prescription drugs.

Understanding the importance of medical identity theft can not be over-emphasized.  Some important reasons:

  • The information taken in a health care breach is non-alterable (you can’t change your Social Security number or birth date) and is therefore valuable forever on the black market.
  • It can be significantly more expensive to recover from a medical data breach.  Unlike credit card fraud, which has a liability limit of $50, the Ponemon study suggests that 65% of medical identity theft victims had to pay an average of $13,500 to resolve the crime.
  • In addition to the cost, it took victims more than a year to successfully dispute the charges, clear up their medical records, and repair the damage to their credit.
  • When your credit card is stolen, you are notified quickly of suspicious activity.  Healthcare providers may not even know about your information being used, let alone advise you about suspicious activity.  On average, it takes up to three months for medical identity theft victims to learn of fraudulent activity.

I’ve addressed this topic before so rather than repeat myself as to the methodology of the criminals and how to be preventative, I’ll send you back to a Burning Questions episode I did back when the last survey was released.

If you don’t think it’s important to be well-informed on this topic, consider the words of James Pyles, a Washington, D.C. lawyer who has dealt with health issues for more than 40 years: “It’s almost impossible to clear up a medical record once medical identity theft has occurred.  If someone is getting false information into your file, theirs gets laced with yours, and it’s impossible to segregate what information is about you and what is about them.”

For now, medical identity theft is a plague with no readily available cure. It will take legislation, technological leverage and a lot more attention on the part of health providers to eliminate this nasty virus.

John Sileo is an an award-winning author and keynote speaker on keeping your organization from becoming the next data breach headline. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

How Do I Stop Obamacare Identity Theft? [Burning Questions Ep. 3]

Today marks the start of the Affordable Care Act (aka Obamacare). As with any new, massive, government-sponsored program, scammers and identity thieves will try to take advantage of the public’s confusion and unfamiliarity with the new Health Exchanges (which we’re calling Obamacare Identity Theft).

Read more

Medical Identity Theft Expert John Sileo on Fox

[youtube http://www.youtube.com/watch?v=lqElASBJKhw&ns?rel=0] Medical Identity Theft Expert John Sileo speaks with Fox and Friends about how to avoid medical identity theft, and whether or not it can kill you. Luckily, even if medical identity theft could theoretically kill you, there are excellent and easy steps you can take to catch it early or prevent it entirely. Watch the video and then comment below with your questions or expertise.

John Sileo is a keynote speaker and medical identity theft expert with clients that include the Pentagon, Pfizer, Blue Cross, Blue Shield and many other health and financial organizations. See other videos on Medical Identity Theft here.


Can Medical Identity Theft Really Kill You? [Burning Questions Ep. 2]

There has been a great deal in the news about medical identity theft leading to death. Is it possible? Yes. Is it likely? Less likely than dying of a heart attack because you eat too much bacon. But let’s explore the possibility of death by medical identity theft (below, in this article), and why the threat gets sensationalized (in the video).

Read more

Medical Identity Theft Experts See Fast Growth

Healthcare data breaches are on the rise, 32% over last year. Though some may find this to be alarming, there is a school of thought that this is actually good news and that we are identifying breaches that perhaps went unnoticed in the past. However, the fact remains that breaches are on the rise, statistically, and many organizations fear they lack the infrastructure and budget to protect patient privacy.

The study found the reasons for growing data breaches in healthcare organizations to include:

  • employee mistakes and sloppiness
  • lost or stolen mobile computing devices
  • unintentional employee action
  • third-party error

On average, it is estimated that data breaches cost benchmarked organizations $2,243,700. This represents an increase of $183,526 from the 2010 study, despite healthcare organizations’ increased compliance with federal regulations.  Respondents in the study noted relying less on an “ad hoc’ process to prevent or detect data breach incidents and are relying more on policies, procedures and security.

Additional loss considerations to healthcare organizations include:

  • Productivity loss
  • Brand or reputation diminishment
  • Loss of patient goodwill
  • Potential for patient churn

Countermeasures being put in place to improve year-over-year breach statistics:

  • Employee training on policies and procedures governing information protection
  • Evaluation of organization-wide protection procedures for mobile devices
  • Enhancing the guidelines relative to privileged user and access governance of patient data

Conducted by Ponemon Institute and sponsored by ID Experts, the study utilized in-depth, field-based research involving interviews vs a traditional survey-based approach.


Summary of the top findings:

  • Over the last 24 months, 96% of organizations have had at least one data breach and, on average, organizations have had 4 data breach incidents, up from 3 cited in last year’s report.
  • The average economic impact is approximately $2.2 million, up $200,000 over last year
  • The average number of lost or stolen records per breach was 2,575 compared to last year’s average of 1,769

Top 3 causes of data breach:

  • Lost or stolen computing devises
  • 3rd party snafu
  • Unintentional employee action

Methods of Detection

  • Employees are most often the group to detect the data breach, followed by audits and finally, by patient complaints
  • The average time to notify data breach victims is approximately 7 weeks
  • A year-over-year increase (10%) is shown in organizations implementing an electronic health record (EHR) system

What a patient can do:

  • Sign-up for an identity monitoring service that includes both credit monitoring and medical identity monitoring.
  • Review explanation of benefits, insurance statements and medical summaries in detail.
  • Use passwords strategically. Don’t use the same one for all devices and mix them up using letters, numbers and symbols.
  • Stay alert to requests for personal data. Reputable organizations do not ask for this information over unsecured channels.
  • Read your financial statements thoroughly.
  • Freeze your credit or place a fraud alert on your credit (contact Equifax, Experian or TransUnion).
  • Get a free credit report by going to www.annualcreditreport.com or calling 1-877-322-8228.

John Sileo is an award-winning author and speaks worldwide on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply results and increase performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Contact him on 800.258.8076 or learn more at ThinkLikeASpy.com.












Commonly Overlooked Sources of Identity Theft

You’ve heard it all before – conduct online business through secure Wi-Fi only, watch your incoming mail for erroneous credit invitations, check your statements and your credit reports, and set up strong passwords and alerts, yada yada! But here are a few additional times you’ll want to be vigilant, especially this holiday season!

  1. Car Loans. According to the Financial Crimes Enforcement Network, auto loan identity theft is twice as high as any other form. Most dealerships have you complete paperwork with identifying personal data (name, address, date of birth, phone number) up to and including a loan application, which likely includes your Social Security Number. How is this data handled? Unless you actually purchase the vehicle, and your paperwork becomes part of a permanent file, refuse to complete it. Most dealerships simply toss your paperwork after 30 days if you don’t make a purchase. Their trash receptacle then becomes a pre-qualified source for identity thieves.
  2. The Pharmacy. Pharmacy records contain your personal identifying information (name, address, date of birth, phone number, insurance plan information, employer and often, your Social Security number). Thieves look anywhere for taking basic information to build a new identity, or to re-fill prescriptions that they can then sell. Make sure your pharmacy asks for your ID, and request confirmation that they shred personal data.
  3. Doctor’s Office. This can be very serious, especially if a thief has manipulated your medical history through stealing your identity. When you fill out the requested forms at a physician’s office, do not put your Social Security number on the form. There is no reason the office needs this unless you are requesting some type of “loan” from them. Much of today’s information is sent via the Internet. Ask them what protections they have in place to safeguard your information. Many have installed firewalls, and other software, to help insure patient information safety, but many have not. If any medical facility or physician that you don’t recognize calls you asking for personal or medical information, question them. Ask who they are, why they need the information, what doctor referred them and if they have a number where you can call them back with this information. Verify their credentials. If you access your medical information online, read the facility’s privacy policy, as they are all required to have one posted. Read what information they collect, who they share their files with, ensure they have an encrypted site, and be very careful if you are accessing those files from a Wi-Fi location where your computer may be vulnerable to hacking.
  4. Mortgage ID Theft. The house you’re living in may not be yours. An identity thief will obtain your personal information and use it to obtain a home loan, or an equity loan, without your knowledge. An equity loan gives the criminal quick cash. Using the value of a home is one of the easiest ways to secure cash. There have been cases where the thieves have actually sold the victim’s home while they were still living in it, and were unaware they’d been victimized. Second homes and vacation homes are especially vulnerable to this type of identity theft, as it allows the thieves a longer period of time to get cash out of the property, or sell it before the real owner is aware there is a problem. All homeowners should routinely check with their county record’s office to ensure that their information is correct. If you receive any paperwork regarding your mortgage, a transfer of your mortgage or lender, don’t toss it out, pay attention because it may be the only warning you get until a new owner is knocking at your door.
  5. Cyber Greeting Cards. As we head into the holiday season, a new method of hacking into your computer is lurking in those adorable greeting cards sitting in your e-mail. It blinks at you saying you’ve been sent a greeting from a “friend.”

You open it and are directed to a site where malware will invade your computer, or you will be asked to “install” software to “play” the card. When this happens, malware, that could potentially destroy your computer or allow an identity thief access to your personal data, is unleashed. Unless the name of a real person that you know is attached to the greeting card, do not open it.

The Bottom Line

There is no way to protect your identity 100% of the time. Often, what happens to your personal information is completely out of your control. The only option you have is to be constantly diligent in tracking your information, protecting your information and asking where that information is going. You have the right to ask, you have the right to know and you have the right to withdraw that information if you feel uncomfortable.

Original story – 5 Overlooked Places Where Your Identity Can Be Stolen



Medical Identity Theft Increasing

Medical records are one-stop shopping for identity thieves. There is no need to slowly gather bits and pieces of someone’s personal information – it’s all packaged together: Social Security number, name, address, phone number, even payment accounts. Crooks have received everything from medication to a liver transplant using a stolen identity. And that’s only the tip of the iceberg! More than just medical treatment is at stake. Once a thief’s medical information is entered into your records, it’s extremely difficult to get rid of that information. It’s conceivable, for example, that at a later date, you’ll need a Type A blood transfusion but be given the thief’s Type B with dire consequences.

Identity theft of medical records has more than doubled since 2008, as stated in Javelin’s 2010 Identity Fraud Survey Report. It’s not difficult to imagine the misery that a million Americans have suffered during the past two years when their identities were stolen. And the Poneman Institute, in their National Study on Medical Identity Theft, states that another half million people loaned their insurance cards to uninsured family members and friends. The unsavvy lenders have incurred huge medical bills in this “friendly fraud”.

Larry Ponemon says that, on average, it costs $20,000 to resolve a medical identity theft case. Unlike credit card companies,where the banks incur the losses, the victims often have to pay for the fraudulent care and sometimes lose their health insurance or have to pay higher premiums to restore their accounts. Even though there are HIPAA laws to protect your privacy, not all health care organizations have strict safeguards in place.

The risk goes even further: if someone is treated using your identity, your medical records will more than likely be altered and could compromise your treatment and ability to get service.  According to Larry Ponemon, “stolen medical records offer a complete dossier to get a passport in a victim’s name that could be used for terrorism.”

Ways to Protect Yourself:

  • When you receive an Explanation of Benefits from insurers, read it carefully and save – don’t throw it away even when it says “this is not a bill”! If a treatment date or doctor’s name is not familiar to you, call the insurer and the billing physician to resolve.
  • If your wallet is stolen, contact your insurance company just as you would your credit card company. Don’t carry your Medicare card in your wallet. Carry a photocopy and black out the last four digits of the SS#.
  • Urge your health care providers to ask patients for photo ID’s.
  • Ask your doctors for copies of everything in your medical files, even if you have to pay for them.
  • Monitor your credit report at www.AnnualCreditReport.com. If you see medical billing errors, contact your insurer and the three credit bureaus, TransUnion, Experian, and Equifax.
  • Avoid Internet and storefront offers of free treatment and supplies.
  • Ask for a list of benefits paid in your name and an “accounting of disclosures” which shows who got your records.

John Sileo became one of America’s leading Information Control Speakers & sought after Identity Theft Experts after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.

Health Insurance Fraud: Why pay when you can steal?

Why pay for Health Insurance when you can steal it?

As the economy dropped severely in 2009, the instances of Identity Theft continued to rise. With desperate times and individuals struggling, Medical Identity Theft and Health Insurance Fraud reports by emergency rooms have been higher than normal over the past several months.  According to Javelin Strategy and Research, in 2009 Medical Record Theft had the longest length of time, 493 days,  between the theft and detection by the insured. This also led to the highest fraud amount of $18,480 and the largest mean consumer cost of $2987. That means the average consumer that suffers from Medical Identity Theft pays almost $3000 of his own money to resolve the theft! This shows how the financial repercussions of Medical Identity Fraud are the largest among Identity Fraud types.

There are more than just financial risks to Health Insurance Fraud. If your name is linked with another person’s medical records, their blood type, medical history and medications are recorded on your chart.  Inaccurate information can lead to ER and hospital mix ups with health complications that could prove deadly.

A new article by NPR discusses the many issues and risks with Health Insurance Fraud and Medical Identity Theft. They advise everyone to get a hard copy of their medical records in case they become a victim and have to prove what their medical history used to look like. No matter the fee to do so, I encourage everyone to keep a copy of this in their locked fireproof safe. Hopefully you’ll  never have to prove your health history, but at least you will be prepared!

Read National Public Radio’s full article that discuss this rising issue.

John Sileo became one of America’s leading Social Networking Speakers and sought-after Identity Theft Experts after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.