Medical identity theft most potent kind

'We say encrypt, encrypt, encrypt.'
By Kaiser Health News
February 11, 2014
09:48 AM

By Michael Ollove, Stateline

If modern technology has ushered in a plague of identity theft, one particular strain of the disease has emerged as most virulent: medical identity theft.

Last month, the Identity Theft Resource Center produced a survey showing that medical-related identity theft accounted for 43 percent of all identity thefts reported in the United States in 2013. That is a far greater chunk than identity thefts involving banking and finance, the government and the military, or education. The U.S. Department of Health and Human Services says that since it started keeping records in 2009, the medical records of between 27.8 million and 67.7 million people have been breached.

The definition of medical identity theft is the fraudulent acquisition of someone’s personal information – name, Social Security number, health insurance number -- for the purpose of illegally obtaining medical services or devices, insurance reimbursements or prescription drugs.

[See also: Medical identity theft hits growth phase.]

"Medical identity theft is a growing and dangerous crime that leaves its victims with little to no recourse for recovery,” said Pam Dixon, the founder and executive director of World Privacy Forum. “Victims often experience financial repercussions and worse yet, they frequently discover erroneous information has been added to their personal medical files due to the thief's activities.”

The Affordable Care Act has raised the stakes. One of the main concerns swirling around the disastrous rollout of federal and state health insurance exchanges last fall was whether the malfunctioning online marketplaces were compromising the confidentiality of Americans’ medical information.  Meanwhile, the law’s emphasis on digitizing medical records, touted as a way to boost efficiency and cut costs, comes amid intensifying concerns over the security of computer networks.

Edward Snowden, the former National Security Agency contractor who has disclosed the agency’s activities to the media, says the NSA has cracked the encryption used to protect the medical records of millions of Americans.

Multiple motives

Thieves have used stolen medical information for all sorts of nefarious reasons, according to information collected by World Privacy Forum, a research group that seeks to educate consumers about privacy risks. For example:

  • A Massachusetts psychiatrist created false diagnoses of drug addiction and severe depression for people who were not his patients in order to submit medical insurance claims for psychiatric sessions that never occurred. One man discovered the false diagnoses when he applied for a job. He hadn’t even been a patient.
  • An identity thief in Missouri used the information of actual people to create false driver’s licenses in their names. Using one of them, she was able to enter a regional health center, obtain the health records of a woman she was impersonating, and leave with a prescription in the woman’s name.
  • An Ohio woman working in a dental office gained access to protected information of Medicaid patients in order to illegally obtain prescription drugs.
  • A Pennsylvania man found that an imposter had used his identity at five different hospitals in order to receive more than $100,000 in treatment. At each spot, the imposter left behind a medical history in his victim’s name.
  • A Colorado man whose Social Security number, name and address had been stolen received a bill for $44,000 for a surgery he not undergone.

Perpetrators use different methods to obtain the information, ranging from stealing laptops to hacking into computer networks, according to Sam Imandoust of the Identity Theft Resource Center.  “With a click of a few buttons, you might have access to the records of 10,000 patients. Each bit of information can be sold for $10 to $20,” he said.

According to HHS, the theft of a computer or other electronic device is involved in more than half of medical-related security breaches. Twenty percent of medical identity thefts result from someone gaining unauthorized access to information or passing it on without permission. Fourteen percent of breaches can be attributed to hacking.

“We say encrypt, encrypt, encrypt,” said Rachel Seeger, a spokesman for HHS’s Office For Civil Rights, which is charged with investigating breaches of medical records in health plans, medical practices, hospitals and related institutions.

[See also: Locking down EHRs from medical ID theft.]

Topics: 
Network Infrastructure, Privacy & Security, Government & Policy

More regional news

Clinician in scrubs at a hospital computer

CommonSpirit partners up with U of U for clinical collaboration

By
Andrea Fox
November 22, 2024
Stethoscope on an iPad

HIMSSCast: Care provider or tool? When and why patients like AI

By
Andrea Fox
November 22, 2024

EHR tips on migrating an all-digital hospital to Epic

By
Bill Siwicki
November 22, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story
EHR tips on migrating an all-digital hospital to Epic

Most Read

India to harness ABDM data to develop public AI
South Korea to digitise medical image exchange system
ASTP intros 2024 draft Federal FHIR Action Plan
VA must strengthen controls addressing EHR performance
CrowdStrike all but assures Capitol Hill: Never again
Korea's largest hospital bags APAC's first Stage 6 of new INFRAM

Research

White Papers

More Whitepapers

Patient Engagement
Patient Engagement
Financial/Revenue Cycle Management

Webinars

More Webinars

Imaging
Interoperability
Artificial Intelligence

Video

David Miles at Oklahoma Heart Hospital_Part 2_Doctor holding health icon Photo by Tippapatt/iStock/Getty Images Plus
Switching from Cerner to Epic? Meet a CIO who made it out alive
David Miles at Oklahoma Heart Hospital_Part 1_Doctor holding health icon Photo by Tippapatt/iStock/Getty Images Plus
The CIO of an all-digital hospital walks readers through its successes
Dr Alice Sutedjo Lisa at SMC Telogorejo Hospital_HIMSS24 APAC
Assisting the elderly in digital care
Dr. Benoit Desjardins of the University of Montreal
Cyberattacks are becoming more widespread, and more disruptive

More Stories

Agency cybersecurity infosec illustrated by many colored streams harnessed by a lock
OIG again deems HHS' infosec program ineffective
Joanna Lucas, RN, of St. Luke's University Health Network
Case and referral management technology gets big results for St. Luke's
Dr. Benoit Desjardins of the University of Montreal
Cyberattacks are becoming more widespread, and more disruptive
Northwestern Medicine
Northwestern Medicine announces international healthcare collaboration
BJ Schaknowski of symplr
Too many IT systems with limited alignment impacts care quality
Doctor in scrubs using computer
Tenet to deploy AI platform across its physician network
Healthcare CIO with other healthcare executives
Health system CIOs' strategic responsibilities continue to evolve
George Pappas at Intraprise Health_Digital shield and lock Photo by da-kuk/Getty Images
Tighter cyber mandates hold New York providers to higher security standards