Browse our Publications

Click here for Consumer Resources

Medical Identity Fraud: A Primer

Ann Patterson, Senior Vice President and Program Director at Medical Identity Fraud Alliance (MIFA) talks to Eric Wicklund, Editor of mHealthNews, about MIFA and the efforts to prevent and combat medical identity theft and fraud.

Click here to watch the video and learn basic facts about medical identity theft and fraud.
Click here to view the accompanying slides.


2017-2018 Data Breach Response Guide

MIFA Founding Member Experian Data Breach Resolution released its most recent data breach response guide. For those who are just getting started or need to audit their existing plans, this guide covers preparedness from every angle. Experian wants this guide to be a useful tool for every organization looking to improve its security posture because the potential for a data breach is not going away. The sooner an organization gets ready, the better. Access the guide here.


Medical Identity Theft: A Deadly Side Effect of Healthcare Data Breaches

Medical identity theft is a terrible crime, risking the health and lives of patients whose information has been stolen. And with ransomware and other threats to healthcare data, it’s a crime that will only continue to grow. But with the right information, you can fight back. In today’s connected world, patients’ health data is strewn across the digital universe. From electronic health records (EHRs) to physician’s iPads to wearable health devices, a patient’s confidential medical information is available to more people in more places than ever before. Sensitive medical diagnoses, health insurance numbers, and other information are there for the viewing — and the stealing. In this eBook from MIFA Founding Member ID Experts you’ll:

  • Learn the size and scope of medical identity theft.
  • Discover how healthcare data breaches turn patients into victims.
  • Get the insider view on healthcare fraud.
  • Study the thorny issue of identity ownership.

Click here to download the eBook.


Report: The Geography of Medical Identity Theft

Medical identity theft has existed in various forms for decades, but it was in 2006 that World Privacy Forum published the first major report about the crime. The report called for medical data breach notification laws and more research about medical identity theft and its impacts. Since that time, medical data breach notification laws have been enacted, and other progress has been made, particularly in the quality of consumer complaint datasets gathered around identity theft, including medical forms of the crime.

This report finds that medical identity theft is growing overall in the United States, however, there’s a catch. The consumer complaint data suggests that the crime is growing at different rates in different states and regions of the US, creating medical identity theft “hotspots.”

In addition to documenting geographic and growth patterns, the complaint data also documented significant and heretofore largely unreported patterns of harm related to debt collection resulting from medical identity theft, including debt collections documented to be one to three years in duration. Click here to learn more. Download the report here.


2017 Data Breach Industry Forecast

MIFA Founding Member Experian Data Breach Resolution’s fourth annual Data Breach Industry Forecast includes five key predictions. While many companies have data breach preparedness on their radar, it takes constant vigilance to stay ahead of emerging threats and increasingly sophisticated cybercriminals. The industry predictions in the report are rooted in Experian’s history helping companies navigate more than 17,000 breaches over the last decade and almost 4,000 breaches in 2016 alone. The anticipated issues include nation-state cyberattacks possibly moving from espionage to full-scale cyber conflicts and new attacks targeting the healthcare industry. The content also addresses issues such as ransomware and international breach notice laws. Access the complimentary white paper here.


What Breached Entities Need to Know Before Choosing ID Theft Services for Victims

When companies, organizations or government agencies experience a data breach that may have exposed people’s personal information, one of the many issues they must address is how to help those affected. Should they offer them identity theft services? If so, how should they choose the provider and what features should they look for? The Consumer Federation of America, a MIFA Strategic Partner, and its Identity Theft Service Best Practices Working Group, which includes consumer advocates and identity theft service providers, have created a checklist, “My company’s had a data breach, now what? 7 questions to ask when considering identity theft services,” to help breached entities make these decisions. Click here for the checklist on identity protection services.


Sixth Annual Study on Privacy and Security of Healthcare Data

Published by MIFA Founding Member ID Experts, the Sixth Annual Benchmark Study on Privacy and Security of Healthcare Data reveals 89 percent of organizations experienced data breaches. For the second year in a row, the study reveals that criminal attacks are the leading cause of data breaches in healthcare, up to 50 percent, and human error, such as unintentional employee actions, comprise the other half of breaches. Six years into the research, the study finds that data breaches in healthcare are not declining, despite a slight increase in awareness and spending on security technology. It has cost the industry $6.2 billion. Click here to download the study.


Improving Patient Portal Adoption and Decreasing Fraud with Advanced Identity Verification Solutions – IDology

The patient portal has emerged as an important tool in the ongoing effort to transform healthcare. Providers and policymakers alike hope that creating a means for patients to electronically interact with healthcare organizations will foster greater patient engagement, stronger continuity of care and increased operational efficiency. The rise of medical identity theft means providers must deploy sophisticated, layered authentication systems to ensure the highest level of security. Recent headlines of healthcare data breaches have further underscored the importance of protecting Electronic Health Records. MIFA Member IDology examines practices that enable healthcare organizations to deliver enhanced identity verification practices that provide a more convenient and less intrusive experience for end users accessing healthcare information exchanges in their whitepaper, Improving Patient Portal Adoption and Decreasing Fraud with Advanced Identity Verification Solutions.


Medical Identity Theft: FAQs for Health Care Providers and Health Plans

While patients have the right to view and request corrections to their medical records under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, there is confusion about how this rule applies in the case of an identity thief’s information being comingled with that of his or her victim’s. Some medical providers and health plans believe they would be violating the identity thief’s HIPAA privacy rights if they gave victims copies of their own records. That’s not true. Nearly one in five victims of medical identity theft were refused access to their medical records “due to laws protecting the privacy of the identity thief.” Even in this situation, patients have the right to get a copy of their records. Click here for the FAQs for providers and payers.


Medical Identity Theft: Recommendations for the Age of Electronic Medical Records, California Attorney General’s Office

Recognizing that the move to electronic medical records provides an opportunity to combat medical identity theft, Attorney General Kamala D. Harris has provided best practice recommendations for the health care industry. The recommendations are focused on the impact on medical records when someone uses another person’s information to obtain medical goods or services. Drawing on the lessons learned by other industries on combatting fraud in electronic transactions, the Attorney General’s guide offers recommendations for health care providers, payers, health information organizations and policy makers. The industry guide is supplemented with an in information sheet for consumers, First Aid for Medical Identity Theft, that provides tips on what to do in response to the various signs of possible medical identity theft. Click here to download the best practices paper.


Finding a Cure for Medical Identity Theft

MIFA Founding Member CSID published a white paper “Finding a Cure for Medical Identity Theft.” Many consumers are unaware of medical identity theft and the harm it can cause – both to their wallet and their health. Yet medical identity theft is the fastest growing segment of identity theft in the United States. Ponemon Research reported that 90 percent of healthcare organizations have exposed their patients’ data or had it stolen in 2012 and 2013, and the industry has seen more than 200 breach incidents in 2014 alone. Click here to download the paper.

A complimentary, accompanying webinar, “Looking for a Cure for Medical Identity Theft,” is available through CSID’s cyberSAFE Series.


SANS Healthcare Cyber Report, based on Norse Threat Intelligence

SANS developed this report based on threat intelligence data gathered by Norse, a MIFA Founding Member, related to healthcare organizations in the U.S. The report details how healthcare organizations of all types have been and continue to be compromised by successful attacks. Among the key findings:

  • Every type of healthcare organization was represented, from hospitals to insurance carriers to pharmaceutical companies
  • Compromised devices included everything from radiology imaging software, to firewalls, to Web cameras, to mail servers
  • A significant number of compromises were due to very basic issues such as not changing default credentials on firewalls

Click here to download the report.


Risks & Rewards of Online & Mobile Health Services: Consumer Attitudes Explored

MIFA Founding Member Experian studies how the Internet and mobile apps have changed how organizations deliver services and engage with their target audiences. This is especially true for the health care industry. With access to the Internet, consumers can consult with physicians, book an appointment, check test results or learn more about a health condition. Risks & Rewards of Online & Mobile Health Services: Consumer Attitudes Explored examines consumers’ perceptions about sharing their personal information when using online health services and mobile apps. It also reveals the practices believed to be important to protecting personal health information from a possible data breach. Click here to download the study.


Best Practices in case of a Healthcare Data Breach

MIFA Founding Member Experian outlines steps to take during the first 72 hours in the event of a healthcare information data breach. Be prepared to address the needs of your business as well as those of your clients, employees and customers. Learn about laws and regulations governing companies that collect and use healthcare and medical information. Click here to download the best practices paper.