When you read an account of the devastating “Black Death” Plague that spread across Europe and Asia in Medieval times, it’s impossible not to be awed by the statistics. In just five years, one-third of Europe’s population, 25 million people, were dead. It hit so fast and so unexpectedly that people were unable to protect themselves. As one writer summarized, “A terrible killer was loose across Europe, and medieval medicine had nothing to combat it.”
While experiencing medical identity theft isn’t always as devastating as dying from the plague, it’s easy to draw some parallels.
- Both affect people in such a way that they are completely unaware of it until it is often too late? Check.
- It can spread unexpectedly fast? Check.
- The victims are not limited to one group, whether by country, age, race, or socioeconomic class? Check.
- People can die as a result of it? Check!
I don’t mean to get too melodramatic, but this topic is on my mind today because of the results of recent reports using data gathered by the Ponemon Institute in which they revealed some equally incredible statistics:
- Nearly 43% of all record breaches in personal information in 2014 involved health records. (That’s more than those involved with banking and finance, education, the government and the military AND THIS WAS BEFORE THE ANTHEM BREACH!)
- Since the U.S. Department of Health and Human Services started keeping records in 2009, the medical records of 27.8 – 67.7 million people have been breached.
- Of those, there are an estimated 2.32 million Americans who have become victims of medical identity theft. Again, those statistics were compiled before the Anthem data breach, which may affect as many as 80 million more!
- Cyber attacks on health care providers have doubled since 2010.
Medical ID theft is the fraudulent acquisition of someone’s personal information–name, Social Security number, health insurance number– for the purpose of illegally obtaining medical services or devices, insurance reimbursements or prescription drugs.
Understanding the importance of medical identity theft can not be over-emphasized. Some important reasons:
- The information taken in a health care breach is non-alterable (you can’t change your Social Security number or birth date) and is therefore valuable forever on the black market.
- It can be significantly more expensive to recover from a medical data breach. Unlike credit card fraud, which has a liability limit of $50, the Ponemon study suggests that 65% of medical identity theft victims had to pay an average of $13,500 to resolve the crime.
- In addition to the cost, it took victims more than a year to successfully dispute the charges, clear up their medical records, and repair the damage to their credit.
- When your credit card is stolen, you are notified quickly of suspicious activity. Healthcare providers may not even know about your information being used, let alone advise you about suspicious activity. On average, it takes up to three months for medical identity theft victims to learn of fraudulent activity.
I’ve addressed this topic before so rather than repeat myself as to the methodology of the criminals and how to be preventative, I’ll send you back to a Burning Questions episode I did back when the last survey was released.
If you don’t think it’s important to be well-informed on this topic, consider the words of James Pyles, a Washington, D.C. lawyer who has dealt with health issues for more than 40 years: “It’s almost impossible to clear up a medical record once medical identity theft has occurred. If someone is getting false information into your file, theirs gets laced with yours, and it’s impossible to segregate what information is about you and what is about them.”
For now, medical identity theft is a plague with no readily available cure. It will take legislation, technological leverage and a lot more attention on the part of health providers to eliminate this nasty virus.
John Sileo is an an award-winning author and keynote speaker on keeping your organization from becoming the next data breach headline. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.