The parade of hackings at major health care providers continues with the recent announcement of a data breach at UCLA Health System affecting 4.5 million people.
The compromised information is a treasure trove of personal data for identity thieves. It included names, Social Security numbers, medical records, ID numbers and addresses. But, as I always say, things aren’t as bad as you think – they are far worse. The stolen data was totally unencrypted making the threat to the people whose data was in the UCLA Health Systems computers more serious.
Medical identity theft can not only result in your finances being threatened; the mixing of medical records of the identity theft victim with the medical records of the identity thief utilizing the same medical insurance can potentially be deadly, such as when a person might receive the wrong blood type for a blood transfusion. Compounding the problem is the fact that it is extremely difficult, and sometimes impossible, to remove the identity thief’s medical information from the victim’s medical records after the problem has been discovered, due to quirks in the medical privacy laws.
Medical identity theft is a bad problem that is only getting worse. While credit card identity theft financial liability is limited by federal law to $50, the majority of victims of medical identity theft paid an average of $13,500 to resolve the crime. In addition, according to the Ponemon Institute’s Fifth Annual Study on Medical Identity Theft, “In many cases, victims struggle to reach resolution following a medical identity theft incident. In our research, only 10% of respondents report achieving a completely satisfactory conclusion of the incident. Consequently many respondents are at risk for further theft or errors in healthcare records that could jeopardize medical treatments and diagnosis. Those who resolved the crime spent on average more than 200 hours on such activities as working with their insurer or healthcare provider to make sure their personal medical credentials are secured and can no longer be used by an imposter and verifying their personal health information, medical invoices and claims and electronic health records are accurate.”
Click here to read the full article.
July 25, 2015 by Steve Weisman, USA Today