Data Breaches on the Rise: How Healthcare Organizations Can Protect Against Medical Identity Theft

Data breaches are almost becoming commonplace. Last year, the number of U.S. data breach incidents hit a new record high of 1,579, exposing nearly 158 million Social Security numbers. More than 27% targeted healthcare, according to the Identity Theft Resource Center (ITRC). While the rise in healthcare organizations experiencing data breaches hasn’t been proven to have directly caused the spike in medical identity theft, the correlation in these statistics’ growth certainly indicates a trend.

>> LISTEN: A New Kind of Warfare

The payout for criminals ensures that medical identity theft will not go away anytime soon. Medical information is worth 10 times more than a credit card number on the black market, and unfortunately health system cybersecurity is, like in many other industries, inadequate. Moreover, medical identity theft takes one of the longest amounts of time to detect compared to other types of fraud. Many people do not realize they have fallen victim to medical identity fraud until a collection agency starts calling them or the default appears on their credit reports.

The effects of medical identity theft can be damaging. The most common issue victims experience is being billed by a medical provider for services the fraudster received. If left uncaught, the financial impact can be significant. According to the Ponemon Institute, out-of-pocket cost to victims is $13,500 on average; though, for some medical identity fraud victims, expenses can be even more significant as there are currently no legal or regulatory consumer protections in place that limit the financial liabilities for this specific type of fraud.

Other common outcomes include being denied health insurance or benefits and discovering another person’s information mixed in with the victim’s legitimate records. This last outcome is arguably the most dangerous because inaccurate health records, such as allergies, blood type, or health conditions can lead to a patient receiving the wrong type of medical care. For example, if an individual’s medical record showed a person had a different blood type than they actually did, the results could be deadly.

Given the potential damage to patients’ finances and health, it is critical that healthcare organizations implement cybersecurity best practices, including training their employees on identifying phishing attempts and data protection processes. Often, organizations spend a lot of time and money on technology safeguards but neglect to invest equally in their biggest potential vulnerability: their employees. In addition to training employees on recognizing potential scam emails, it is critical to train them on protecting patients’ health information including:

• Keeping digital files instead of physical ones whenever possible
• Safeguarding paper files with as much vigilance as digital ones
• Collecting only the information they need
• Shredding any physical documents they no longer need

Additionally, with the rise in data breaches, it is important for healthcare organizations to take preventative steps to help mitigate the fallout if their patients do fall victim to medical identity theft. The most helpful resource healthcare organizations could have available to them is full-service medical identity theft and fraud resolution. Research shows that on average, it takes a victim of identity theft anywhere from 7 to 40 hours to resolve their case. The complexity of their cases can cause that amount of time to be even longer. Furthermore, if the case isn’t resolved properly, the results could be devastating. For this reason, it’s critical patients have access to dedicated experts who can help them resolve this major issue, with compassion and patience.

A full-service medical identity theft and fraud resolution would help not only lessen the impact to the patient affected, but also hopefully lessen any negative impacts on customer retention for the organization, should a breach cause the fraud. Offering to help customers in their hour of need can help build loyalty between a healthcare organization and its customers. Full-service medical identity theft and fraud resolution should include services that address prevention, monitoring, alerts, and resolution—all critical elements of identity protection best practice.

While today’s cyberworld is fraught with danger, there are steps that healthcare organizations can take to prevent medical identity theft. Simple tactics from safeguarding paper and digital files to installing a more comprehensive medical identity protection service can be effective tools in the continued fight against medical identity theft.

Paige Schaffer is president and chief operating officer of Generali Global Assistance’s Identity and Digital Protection Services Global Unit. She is an expert in cybersecurity, data breaches, and all related issues.

Get the best insights in healthcare analytics directly to your inbox.

Related

WannaCry, NotPetya, and Cyberwarfare's Threat to Healthcare

3 Things That Healthcare Must Understand About Cybersecurity

Is Blockchain the Answer to Healthcare's Cybersecurity Concerns?