As many of you are probably aware, identity theft is one of the fastest growing crimes in America. Identity theft, a crime where a criminal steals an individual’s personal information and uses it for fraudulent purposes, has become so prevalent in recent years that it has been consistently outnumbering violent crimes by over 10 million cases per year. As our society becomes more and more digitized, the risk of cyber crimes like identity theft grows greater and greater and in more recent years, the health care industry has become an increasingly popular target.
Similar to regular identity theft, medical identity theft occurs when an unauthorized individual uses your personal medical records and health information without your knowledge to receive payment for medical treatments, goods, and services. Medical identity theft often leads to falsification of records which can be devastating to a patient’s medical history and ongoing care. Medical identity thieves will typically create fictitious records under a victim’s name so that they can gain access to expensive prescription drugs and attempt to collect payments for fake treatments.
Medical records are also a very valuable target for thieves because of the critical personal information that is contained in them. In typical identity theft cases, criminals try to obtain private personal information like social security numbers and credit card accounts. Medical records contain both social security numbers and credit card payment information in addition to driver’s license numbers, birth dates, addresses, individuals’ physical characteristics, and bank account numbers, making them an incredible source of information for identity thieves.
Identity thieves also like to target medical records because oftentimes, the health care providers who store and manage these records have lax security procedures and theft prevention systems. These facilities often hold on to personal data for long periods of time and many do not dispose of personal data using secure methods. In addition, electronic medical records (EMR) systems are still relatively new technology and as a result, they present their fair share of issues. These systems are often unorganized, difficult for facilities to monitor and manage, and susceptible to breach. Because EMR systems are so new, there is little standardization amongst the systems and this makes effective management and monitoring nearly impossible. Another reason why these systems are big targets for identity thieves is the sheer number of patients that have their data stored in these systems. From a hacker’s perspective, these large EMR systems are oftentimes poorly managed and monitored, have weak security defenses, and contain enormous amounts of critical personal information, making them the perfect target.
Due to the various reasons listed above, medical record information has become a hot commodity for hackers and cyber criminals. In the last 5 years alone the number of medical data breaches has quadrupled. In 2013, the American healthcare industry experienced more data breaches than any other industry out there and the number of breaches rose 20 percent from the previous year. According to the Ponemon Institute, approximately 1.8 million Americans were victims of medical identity theft in 2013. The cost of that? 12.3 billion dollars.
Currently, the data shows that the healthcare industry will once again be the most breached industry in 2014. These numbers are unlikely to improve any time soon because more and more health information goes digital every day and the creation of health exchanges under the Affordable Care Act is bringing more individuals into the marketplace. Research shows that the number of electronic medical records in America will likely increase 7 percent every year. EMR systems need a large number of improvements in usability, compatibility, and security and these improvements will likely take several years to implement. Until then, it is up to the patients themselves to protect their records from breach and there are several steps that can be taken to help do so.
In our next news article we will further discuss medical identity theft and go over steps that can be taken to help better protect yourself.