Browse our Publications
Click here for Consumer Resources
Medical Identity Fraud: A Primer
Ann Patterson, Senior Vice President and Program Director at Medical Identity Fraud Alliance (MIFA) talks to Eric Wicklund, Editor of mHealthNews, about MIFA and the efforts to prevent and combat medical identity theft and fraud.
Click here to watch the video and learn basic facts about medical identity theft and fraud.
Click here to view the accompanying slides.
2017 Data Breach Industry Forecast
MIFA Founding Member Experian Data Breach Resolution releases its fourth annual Data Breach Industry Forecast with five key predictions. While many companies have data breach preparedness on their radar, it takes constant vigilance to stay ahead of emerging threats and increasingly sophisticated cybercriminals. The industry predictions in the report are rooted in Experian’s history helping companies navigate more than 17,000 breaches over the last decade and almost 4,000 breaches in 2016 alone. The anticipated issues include nation-state cyberattacks possibly moving from espionage to full-scale cyber conflicts and new attacks targeting the healthcare industry. The content also addresses issues such as ransomware and international breach notice laws. Access the complimentary white paper here.
Medical Identity Theft: A Deadly Side Effect of Healthcare Data Breaches
Medical identity theft is a terrible crime, risking the health and lives of patients whose information has been stolen. And with ransomware and other threats to healthcare data, it’s a crime that will only continue to grow. But with the right information, you can fight back. In today’s connected world, patients’ health data is strewn across the digital universe. From electronic health records (EHRs) to physician’s iPads to wearable health devices, a patient’s confidential medical information is available to more people in more places than ever before. Sensitive medical diagnoses, health insurance numbers, and other information are there for the viewing — and the stealing. In this eBook from MIFA Founding Member ID Experts you’ll:
- Learn the size and scope of medical identity theft.
- Discover how healthcare data breaches turn patients into victims.
- Get the insider view on healthcare fraud.
- Study the thorny issue of identity ownership.
Click here to download the eBook.
Experian’s 2016-2017 Data Breach Response Guide
Companies are establishing response plans more than ever before, and senior leadership is also becoming more involved in data breach preparedness, according to MIFA Founding Member Experian Data Breach Resolution. Despite this increased awareness and preparedness, however, many companies are forgetting the vital step of regularly reviewing and updating their strategy once their initial plan is established. To make sure companies are prepared with well-rounded, updated plans, Experian’s annual Data Breach Response Guide has been refreshed to focus on the importance of regularly updating a response plan. In addition, this year’s guide includes new content regarding the importance of looking outside of one’s own organization when creating a response plan and engaging essential external partners that can offer specific expertise in the face of a breach. Click here to download the 2016-2017 Data Breach Response Guide.
What Breached Entities Need to Know Before Choosing ID Theft Services for Victims
When companies, organizations or government agencies experience a data breach that may have exposed people’s personal information, one of the many issues they must address is how to help those affected. Should they offer them identity theft services? If so, how should they choose the provider and what features should they look for? The Consumer Federation of America, a MIFA Strategic Partner, and its Identity Theft Service Best Practices Working Group, which includes consumer advocates and identity theft service providers, have created a checklist, “My company’s had a data breach, now what? 7 questions to ask when considering identity theft services,” to help breached entities make these decisions. Click here for the checklist on identity protection services.
Sixth Annual Study on Privacy and Security of Healthcare Data
Published by MIFA Founding Member ID Experts, the Sixth Annual Benchmark Study on Privacy and Security of Healthcare Data reveals 89 percent of organizations experienced data breaches. For the second year in a row, the study reveals that criminal attacks are the leading cause of data breaches in healthcare, up to 50 percent, and human error, such as unintentional employee actions, comprise the other half of breaches. Six years into the research, the study finds that data breaches in healthcare are not declining, despite a slight increase in awareness and spending on security technology. It has cost the industry $6.2 billion. Click here to download the study.
Improving Patient Portal Adoption and Decreasing Fraud with Advanced Identity Verification Solutions – IDology
The patient portal has emerged as an important tool in the ongoing effort to transform healthcare. Providers and policymakers alike hope that creating a means for patients to electronically interact with healthcare organizations will foster greater patient engagement, stronger continuity of care and increased operational efficiency. The rise of medical identity theft means providers must deploy sophisticated, layered authentication systems to ensure the highest level of security. Recent headlines of healthcare data breaches have further underscored the importance of protecting Electronic Health Records. MIFA Member IDology examines practices that enable healthcare organizations to deliver enhanced identity verification practices that provide a more convenient and less intrusive experience for end users accessing healthcare information exchanges in their whitepaper, Improving Patient Portal Adoption and Decreasing Fraud with Advanced Identity Verification Solutions.
Medical Identity Theft: FAQs for Health Care Providers and Health Plans
While patients have the right to view and request corrections to their medical records under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, there is confusion about how this rule applies in the case of an identity thief’s information being comingled with that of his or her victim’s. Some medical providers and health plans believe they would be violating the identity thief’s HIPAA privacy rights if they gave victims copies of their own records. That’s not true. Nearly one in five victims of medical identity theft were refused access to their medical records “due to laws protecting the privacy of the identity thief.” Even in this situation, patients have the right to get a copy of their records. Click here for the FAQs for providers and payers.
Medical Identity Theft: Recommendations for the Age of Electronic Medical Records, California Attorney General’s Office
Recognizing that the move to electronic medical records provides an opportunity to combat medical identity theft, Attorney General Kamala D. Harris has provided best practice recommendations for the health care industry. The recommendations are focused on the impact on medical records when someone uses another person’s information to obtain medical goods or services. Drawing on the lessons learned by other industries on combatting fraud in electronic transactions, the Attorney General’s guide offers recommendations for health care providers, payers, health information organizations and policy makers. The industry guide is supplemented with an in information sheet for consumers, First Aid for Medical Identity Theft, that provides tips on what to do in response to the various signs of possible medical identity theft. Click here to download the best practices paper.
Finding a Cure for Medical Identity Theft
MIFA Founding Member CSID published a white paper “Finding a Cure for Medical Identity Theft.” Many consumers are unaware of medical identity theft and the harm it can cause – both to their wallet and their health. Yet medical identity theft is the fastest growing segment of identity theft in the United States. Ponemon Research reported that 90 percent of healthcare organizations have exposed their patients’ data or had it stolen in 2012 and 2013, and the industry has seen more than 200 breach incidents in 2014 alone. Click here to download the paper.
A complimentary, accompanying webinar, “Looking for a Cure for Medical Identity Theft,” is available through CSID’s cyberSAFE Series.
SANS Healthcare Cyber Report, based on Norse Threat Intelligence
SANS developed this report based on threat intelligence data gathered by Norse, a MIFA Founding Member, related to healthcare organizations in the U.S. The report details how healthcare organizations of all types have been and continue to be compromised by successful attacks. Among the key findings:
- Every type of healthcare organization was represented, from hospitals to insurance carriers to pharmaceutical companies
- Compromised devices included everything from radiology imaging software, to firewalls, to Web cameras, to mail servers
- A significant number of compromises were due to very basic issues such as not changing default credentials on firewalls
Click here to download the report.
Risks & Rewards of Online & Mobile Health Services: Consumer Attitudes Explored
MIFA Founding Member Experian studies how the Internet and mobile apps have changed how organizations deliver services and engage with their target audiences. This is especially true for the health care industry. With access to the Internet, consumers can consult with physicians, book an appointment, check test results or learn more about a health condition. Risks & Rewards of Online & Mobile Health Services: Consumer Attitudes Explored examines consumers’ perceptions about sharing their personal information when using online health services and mobile apps. It also reveals the practices believed to be important to protecting personal health information from a possible data breach. Click here to download the study.
Best Practices in case of a Healthcare Data Breach
MIFA Founding Member Experian outlines steps to take during the first 72 hours in the event of a healthcare information data breach. Be prepared to address the needs of your business as well as those of your clients, employees and customers. Learn about laws and regulations governing companies that collect and use healthcare and medical information. Click here to download the best practices paper.